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Abstract 


Electronic  commerce  value-added  networks  (VANs)  have  earned  high 
loyalty  among  their  user  base.  Eighty  one  percent  (81%)  of  users  are 
either  "satisfied"  or  "very  satisfied"  with  their  VAN.  As  a  result, 
VANs  have  lowered  their  immediate  risk  of  being  abandoned  by  their 
users  in  favor  of  direct  trading  partner-to-trading  partner  connection 
over  the  Internet.  Based  on  analysis  of  user  plans  and  technology 
directions,  INPUT  forecasts  that  in  the  year  2000,  VANs  will  transact 
72%  of  the  value  of  goods  and  services  traded  through  electronic  data 
interchange  (EDI),  and  control  a  further  18%  through  their  recently 
announced  Internet  strategies. 

Internet  commerce  over  the  World  Wide  Web  (WWW)  is  growing  at  a 
rate  of  over  370%  from  $70  milHon  in  1995  to  $165  bilhon  in  the  year 
2000.  This  growth  is  far  in  excess  of  the  growth  of  EDI-facilitated 
commerce,  but  there  are  opportunities  for  the  EDI  software  companies 
to  participate  in  the  WWW  market  through  provision  of  back-end 
fulfillment  capabilities  for  web  servers. 

This  report.  Electronic  Commerce  Over  the  Internet,  gives  a  full 
explanation  of  the  current  status  of  Internet/EDI  and  WWW 
commerce.  It  is  based  on  interviews  with  293  trading  companies,  all 
major  VANs,  EDI  software  companies,  web  server  vendors  and  users. 
As  a  result,  it  authoritatively  forecasts  the  direction  of  these  markets 
to  the  year  2000,  and  answers  questions  which,  previously,  were  the 
subject  of  opinions  and  speculations. 

The  report  contains  vital  information  and  recommendations  for 
anyone  who  needs  to  consider  how  the  Internet  will  affect  their 
electronic  commerce  programs.  This  specifically  includes  the  VANs, 
EDI  software  companies,  web  server  vendors  and  users. 

The  report  contains  96  pages  and  42  exhibits. 
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Introduction 


A  

Purpose 

Over  the  past  twelve  months,  the  explosive  growth  in  the  number  of 
connections  to,  and  in  the  usage  of,  the  Internet  for  business  purposes  has 
been  well  documented.  However,  as  yet  there  is  still  relatively  little  actual 
commerce  being  conducted  over  the  Internet.  Nevertheless,  there  is  a  great 
deal  of  speculation  that  companies  conducting  electronic  data  interchange 
will  move  their  business  from  the  value  added  networks  (VANs)  that  are 
currently  carrying  the  traffic  to  the  Internet,  thereby  causing  major 
dislocations  in  the  market  for  VAN  services. 

There  has  also  been  discussion  as  to  the  impact  of  the  World  Wide  Web 
(WWW)  on  electronic  commerce.  Currently,  business-to-consumer 
transactions  account  for  about  60%  and  business-to-business  for  about  40%  of 
the  commerce  transacted  over  the  WWW.  INPUT  forecasts  that  by  the  year 
2000  there  will  be  a  shift  so  that  80%  of  the  commerce  will  be  business-to- 
business,  and  20%  will  be  business-to-consumer. 

The  purpose  of  this  report  is  to  investigate  the  impact  of  the  Internet  on 
electronic  commerce,  and  to  quantify  the  extent  to  which  companies  will 
transfer  their  electronic  business  exchange  to  the  Internet.  This  report  also 
forecasts  the  directions  of  these  markets  over  the  five-year  period  from  1996 
to  the  year  2000. 

The  major  electronic  commerce  media  covered  by  this  report  are  electronic 
data  interchange  (EDI)  and  the  electronic  marketplace  constituted  by  the 
World  Wide  Web  (WWW). 
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This  study  is  intended  to  help: 


•  EDI  software  vendors  decide  whether  to  develop  an  Internet  EDI 
capabilities  for  Internet-based  EDI  and  WWW-based  commerce 

•  EDI  network  operators,  also  known  as  value-added  networks  (VANs), 
imderstand  the  impact  that  the  Internet  will  have  on  their  business 

•  EDI  users,  who  must  evaluate  the  various  communications  and  services 
strategies  available  through  the  Internet  and  the  VANs 

•  World  Wide  Web  (WWW)  server  and  browser  software  developers,  who 
must  decide  whether  to  enhance  the  commercial  capabilities  of  their 
offerings 

•  Trading  companies  who  must  evaluate  whether  it  is  appropriate  for  them 
to  sell  their  goods  and  services  over  the  Internet 

B   •  

Methodology 


Primary  research  sources  were  used  to  develop  and  analyze  the  findings  of 
this  report,  including: 

•  Interviews  with  representatives  of  the  VANs  and  EDI  software  companies 

•  Interviews  with  representatives  of  WWW  server  and  browser  developers, 
and  companies  that  use  these  products  to  sell  on  the  Internet 

•  Surveys  of  293  EDI  VAN  users  and  companies  that  are  using  the  Internet 
to  conduct  EDI  communications 

INPUT  also  completed  secondary  research  from  its  vast  library  of  on-line  and 
collateral-based  information  sources  and  publications.  This  supplemented 
and  verified  the  data  that  was  gathered  by  primary  research. 


Scope 

Electronic  commerce  over  the  Internet  is  conducted  in  two  ways: 

•    Using  the  Internet  as  a  carrier  for  business  transactions  between 

organizations'  computer  applications,  or  EDI.  EDI  over  the  Internet  is 
similar  in  concept  to  EDI  over  VANs.  Using  a  messaging-based 
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technology,  the  contents  of  the  message  files  are  defined  in  a  structured 
manner  in  accordance  with  generally  accepted  EDI  standards. 

•    Using  the  WWW  environment  where  electronic  commerce  is  comprised  of 
user  transactions  for  goods  or  services.  This  data  exchange  does  not 
follow  the  same  structured  approach  as  is  the  case  for  EDI.  Rather,  the 
data  format  follows  HTML  protocols. 


Industry  Structure 

1.  Value-Added  Networks  (VANs) 

VANs  perform  the  carrier  function  that  supports  the  transmission  of  EDI 
messages  on  behalf  of  business  and  governmental  organizations.  Only 
recently  have  they  initiated  strategies  to  take  into  account  the  role  of  the 
Internet  as  another  communications  medium.  Companies  such  as  GEIS, 
Sterling,  Harbinger,  and  AT&T  Easylink  provide  these  services. 

2.  EDI  Translation  Software  Vendors 

To  date,  EDI  translation  software  has  been  configured  to  work  with  the 
communications  requirements  of  the  VANs.  To  support  access  to  the 
Internet,  the  software  vendors  are  reconfiguring  their  communications 
capabilities  to  support  TCP/IP  and  to  implement  appropriate  data  security 
protocols.  Companies  such  as  Supply  Tech,  Sterling,  Harbinger,  Premenos, 
St.  Paul  and  TSI  International  sell  EDI  translation  software  for  a  variety  of 
platforms,  including  PCs,  UNIX  and  AS/400. 

3.  WWW  Clientserver  Software  Vendors 

Companies  such  as  Netscape,  Open  Market,  SpyGlass,  Frontier  Technologies 
and  Process  Software  develop  software  for  the  server  and  browser 
marketplace.  These  software  platforms  enable  the  establishment  of 
electronic  commerce  on  the  WWW. 

4.  WWW-based  Vendor  Organizations 

Organizations  such  as  the  Internet  Shopping  Network,  Branch  Mall,  and 
CDNow  have  developed  sales  environments  using  the  server  software  from 
the  vendors  noted  above.  For  an  analysis  of  this  marketplace  in  detail,  refer 
to  input's  companion  report.  Electronic  Catalogs,  Weh  Storefronts  and 
Internet  Malls. 


EESM 


1996  by  INPUT.  Reproduction  Prohibrted. 


3 


ELECTRONIC  COMMERCE  OVER  THE  INTERNET 


INPUT 


E  

Related  Reports 

Much  of  the  information  and  analysis  included  in  this  report  is  based  on  user 
and  vendor  surveys  as  part  of  INPUT'S  ongoing  electronic  commerce  and 
Internet  market  analysis  programs.  For  more  information  on  electronic 
commerce  over  the  Internet,  the  reader  is  referred  to  these  other  INPUT 
reports  : 


•  Electronic  Catalogs,  Web  Storefronts  and  Internet  Malls 

•  Electronic  Commerce  in  Government 

•  Electronic  Commerce  Markets  and  Forecast,  1995  -  2000 

•  Sales  and  Marketing  on  the  Internet 

•  The  Future  of  Web  Browsers  and  Servers 

•  Using  the  Internet  for  Business  Operations 
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Executive  Overview 


A  ^  

Introduction 

In  spite  of  the  phenomenal  and  well  documented  growth  of  the  Internet  over 
recent  months,  the  fact  remains  that  relatively  little  commerce  is  actually 
being  conducted  over  the  Internet  at  this  time.  With  very  high  expectations 
for  the  Internet  as  a  trading  environment,  dire  speculations  are  being  made 
regarding  the  fate  of  the  value-added  networks  (VANs)  and  other  channels 
that  currently  carry  the  commerce  that  supposedly  will  move  to  the  Internet. 

INPUT  has  conducted  primary  research  into  the  subject  of  electronic 
commerce  over  the  Internet,  and  this  report  documents  the  results.  INPUT 
surveyed  293  trading  companies  currently  engaged  in  electronic  commerce, 
as  well  as  the  VANs,  EDI  software  companies.  World  Wide  Web  (WWW) 
server  and  browser  vendors,  and  operators  of  Internet  malls. 

As  a  result,  this  report  moves  beyond  the  speculation  to  document  the 
current  state  of  Internet  commerce  comprehensively,  and  to  forecast 
authoritatively  the  directions,  trends  and  market  sizes  over  the  five-year 
period  from  1996  to  the  year  2000. 

The  report  documents  both  the  movement  of  electronic  data  interchange 
(EDI)  traffic  to  the  Internet  and  the  growth  of  commerce  through  electronic 
marketing  and  purchasing  over  the  WWW. 
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B  

Major  Findings 

1.  Perceptions  and  Intentions  of  EDI  Users 

It  is  often  stated  that  EDI  users  are  anxious  to  be  rid  of  the  perceived  high 
cost  of  using  a  VAN  to  intermediate  their  EDI  transactions,  and  are 
interested  in  moving  their  traffic  to  the  Internet  to  save  cost.  INPUT'S 
research  has  found  that  this  is  not  generally  the  case. 

While  users  are  sensitive  to  the  VANs'  costs,  they  are  aware  that  they  are 
paying  for  services  beyond  the  basic  transport  service  that  the  Internet  could 
potentially  provide.  Users  value  these  additional  services,  and  are  generally 
willing  to  pay  for  them.  Additional  services  include: 

•  Assistance  in  converting  trading  partners  to  EDI 

•  Logging  audit  trails 

•  Assigning  accountability  in  case  of  a  lost  transaction 
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Exhibit  II- 1  displays  the  overall  level  of  satisfaction  that  EDI  users  have  with 
the  VAN  they  are  using.  To  have  a  zero  percentage  of  responses  either 
"Somewhat  Dissatisfied"  or  "Very  Dissatisfied"  is  a  strong  endorsement 
indeed!  Eighty-one  percent  (81%)  of  respondents  were  "Somewhat  Satisfied" 
or  "Very  Satisfied." 


Users'  Overall  Satisfaction  Level  with  VANs 


Very  Satisfied 


Somewhat  Satisfied 


Neither  Satisfied 
nor  Dissatisfied 


Somewhat  Dissatisfied 


Very  Dissatisfied 


19% 


36% 


45% 
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Percentage  of  Responses 


Source:  INPUT 

Chapter  IV  gives  details  of  the  responses  supporting  the  conclusion  that  EDI 
users  are  not  ready  to  rush  to  the  Internet  and  abandon  the  VANs. 
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However,  users  are  intensely  interested  in  the  potential  of  the  Internet  for 
EDI,  although  they  do  not  give  consistent  reasons  for  this.  When  asked  what 
reasons  they  might  have  for  not  using  the  Internet,  the  perceived  lack  of 
security  ranked  highest  with  59%  of  responses,  as  shown  in  Exhibit  II-2. 


Exhibit  11-2 


Reasons  for  Not  Using  the  Internet  for  EDI 


Security 
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Source:  INPUT 


INPUT  research  has  found  (as  documented  in  Chapter  VI — Enabling 
Technologies)  that,  in  fact,  adequate  Internet  security  mechanisms  exist. 
Proper  application  of  them,  over  time,  will  generate  enough  good  press  that 
the  perception  of  the  Internet  as  being  insecure  will  change.  When  this 
happens,  INPUT  projects  that  users  will  be  ready  to  move  some  applications 
to  the  Internet  in  parallel  with  other  VAN  applications,  where  the  VAN's 
"value-added"  is  needed. 


2.    VAN  Strategies 

Many  of  the  major  VANs,  specifically  Sterling,  Harbinger  and  GEIS,  have 
recently  adopted  proactive  strategies  for  accommodating  the  Internet  in  their 
portfolios. 
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INPUT  has  classified  these  strategies  into  three  types: 

•  On-demand  connectivity  essentially  allows  user  companies  to  send 
messages  through  the  Internet,  but  without  the  necessary  security  to 
make  this  a  usefiil  option.  VANs  in  this  category  are  adopting  a  "wait  and 
see"  attitude  and  waiting  for  there  to  be  an  evident  customer  demand 
(rather  than  only  an  interest)  before  offering  a  comprehensive  Internet 
service. 

•  Controlled  connectivity  is  a  strategy  adopted  by  other  VANs  who  are 
viewing  the  Internet  as  another  way  of  routing  traffic  from  trading 
companies  to  that  VAN's  network.  This  strategy  is  oriented  toward 
transport  options,  but  not  toward  cost  saving,  for  the  user  company. 

•  Open  connectivity  is  the  strategy  that  views  connection  to  the  Internet  in 
a  similar  way  to  interconnection  to  any  other  EDI  VAN.  The  philosophy 
of  this  strategy  is  that  trading  partners  on  the  Internet  are  an  expansion 
of  the  entire  EDI  marketplace,  and  the  strategy  facilitates  the 
communication  with  Internet-connected  trading  partners  equally  with 
VAN-connected  partners. 

3.    EDI  Software  Vendor  Strategies 

Some  EDI  software  vendors  are  taking  the  approach  of  selling  packages  that 
will  enable  trading  partners  to  communicate  with  each  other  over  the 
Internet  without  using  the  services  of  a  VAN.  The  most  prominent  company 
in  this  category  is  Premenos  with  its  product  Templar.  Premenos  is  licensing 
Templar  to  other  EDI  software  vendors,  and  to  date  DND  Worldwide,  APL 
Group  and  TSI  have  purchased  licenses. 

Templar  satisfies  the  major  technical  requirements,  providing: 

•  Message  authentication 

•  Integrity 

•  Confidentiality 

•  Non-repudiation  of  origin  and  receipt 

Although  all  of  these  characteristics  are  delivered  in  a  "standards-based" 
manner,  the  fact  remains  that  each  communicating  trading  partner  needs  its 
own  copy  of  Templar,  and  somewhat  equivalent  products,  such  as  Harbinger's 
(also  "standards-based,"  but  different  standards),  will  not  intercommunicate 
with  it.  As  a  result.  Templar  is  sometimes  referred  to  (rather  unfairly)  as  a 
proprietary  and  "closed"  product. 
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Although  Premenos'  strategy  is  somewhat  based  on  the  assumption  that 
there  is  a  groundswell  of  pressure  in  the  EDI  user  companies  away  from  the 
VANs  (which,  as  explained  earlier,  INPUT  has  found  not  to  be  the  case), 
INPUT  believes  that  there  will  be  healthy  sales  of  Templar,  and  similar 
products,  but  only  when  there  is  industry  agreement  on  which  set  of 
standards  to  use.  The  market  will  expand  when  Templar  users  can  interface 
to  sites  that  use  alternative  EDI  software. 

c 

Market  Size  and  Forecast 

Chapters  IV  and  V  give  INPUT'S  market  size  estimates  and  forecast  for  1996- 
2000  for: 

•  EDI  network  services  market 

-  Traditional  VAN  services  revenue 

-  Internet-related  VAN  services  revenue 

•  EDI  software  market 

-  Traditional  EDI  software  for  VANs 

-  Internet  EDI  software  (VAN-related) 

-  Internet  EDI  software  (non-VAN) 

•  WWW  server  software  market 

•  Value  of  goods  and  services  traded  using  EDI  (Internet  and  non-Internet) 

-  Sales  through  traditional  VANs 

-  Sales  through  VANs'  Internet  offerings 

-  Sales  through  Internet  EDI — not  VAN-related 

•  Value  of  goods  and  services  traded  over  the  WWW 

-  Business-to-business  sales 

-  Business-to-consumer  sales 
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1.    Value  of  Goods  and  Services  Traded  Using  EDI 

The  worldwide  value  of  goods  and  services  that  INPUT  forecasts  to  be  traded 
using  EDI  in  the  year  2000  is  shown  in  Exhibit  II-3. 


Value  of  Goods  and  Services  Traded  Using  EDI 
(Internet  and  Non-Internet)  in  the  Year  2000 


Traditional  VAN  EDI 


Internet-related  VAN  EDI 


Internet  (non-VAN)  EDI 
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Source:  INPUT 


The  value  of  goods  and  services  sold  through  Internet/EDI  total  $106  billion 
in  the  year  2000.  This  a  substantial  figure,  and  fast  growing  at  110%  per 
year.  However,  it  is  still  only  about  40%  of  the  value  of  sales  made  through 
the  traditional  VAN  channel.  This  is  consistent  with  INPUT'S  research 
findings  that  users  see  a  high  value  in  the  "value-added"  aspect  of  VANs' 
services. 

INPUT  projects  that  as  the  Internet  puts  pressure  on  VAN  charges  to 
decrease,  and  Internet  charges  increase,  the  Internet  will  no  longer  be  seen 
as  "free." 

The  non-VAN-related  sales  are  significantly  lower  than  the  VAN-related 
sales,  consistent  with  INPUT'S  finding  that  most  users  will  have  an 
Internet/EDI  strategy  that  co-exists  with  their  VAN  usage. 
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2.    Value  of  Goods  and  Services  Traded  Using  the  WWW 

Exhibit  II-4  shows  the  worldwide  value  of  goods  and  services  traded  using  the 
WWW  in  the  year  2000. 


Exhibit  11-4 


Value  of  Goods  and  Services  Traded 
Using  the  WWW  in  the  Year  2000 
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Source:  INPUT 

Today,  business-to-consumer  sales  through  the  WWW  are  greater  than 
business-to-business  sales.  INPUT  projects  a  crossover  within  the  next  few 
years  to  the  ratio  as  shown  above. 

The  total  value  of  goods  and  services  sold  over  the  WWW  in  2000,  at  $165 
billion,  is  about  40%  of  the  value  that  will  be  sold  through  the  EDI  medium  in 
2000.  However,  it  is  growing  at  a  much  faster  rate — 250%  per  year, 
compared  to  32%  for  EDI. 

The  total  value  of  goods  and  services  sold  business-to-business  over  the 
Internet  (EDI  and  WWW)  is  projected  by  INPUT  to  be  $255  bilhon  in  the 
year  2000.  This  is  a  little  less  than  2%  of  the  total  worldwide  business-to- 
business  commerce  expected  in  that  year. 


Current  Experience  of  EDI  Over  the  Internet 


Although  VAN  Internet  services  are  not  generally  available  yet,  and  Templar 
users  are  generally  still  in  the  early  stages  of  their  implementations,  there 
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are  a  number  of  "early  adopters"  that  have  implemented  EDI  over  the 
Internet  by  themselves. 

The  most  prominent  are  Lawrence  Livermore  National  Laboratory  (LLNL) 
and  Bank  of  America,  which  have  developed  their  own  "standards-based" 
package  to  give  completely  secure  communications  for  payments  that  LLNL 
makes  to  its  vendors. 

Other  companies  taking  a  "do-it-yourself  approach  to  Internet  commerce  are 
simply  transmitting  messages  in  the  clear  (i.e.,  without  security).  Although 
prudence  would  seem  to  dictate  only  careful  and  very  controlled  use  of  this 
approach,  the  experience  of  those  who  have  adopted  it  is  generally  very 
positive. 

INPUT  has  found  that  the  key  parameters  driving  companies  to  use  the 
Internet  without  waiting  for  commercial  packages  to  help  them  are  the  need 
for  rapid  communication  and  very  high  traffic  levels  with  trading  partners. 
The  companies  have  determined  that  equivalent  response  time  could  only  be 
obtained  from  a  VAN  architecture  by  the  provision  of  very  expensive  private 
lines.  The  situation  of  companies  that  have  implemented  their  own  Internet 
solutions  is  not  typical  of  the  average  VAN  user,  so  we  cannot  conclude  that 
their  satisfaction  with  the  Internet  should  cause  the  average  user  to  follow 
the  same  path.  However,  they  are  certainly  blazing  a  trail  and  learning 
lessons  that  will  become  more  generally  applicable  as  time  goes  on. 


World  Wide  Web  Commerce 

A  companion  report.  Electronic  Catalogs,  Web  Storefronts  and  Internet  Malls, 
studies  the  market  and  forecast  for  WWW  commerce  in  great  detail.  This 
report.  Electronic  Commerce  Over  the  Internet,  investigates  strategies  being 
taken  by  the  server  and  browser  vendors  in  enabling  commerce  on  the  WWW. 

"Server  push"  technology  will  allow  WWW  vendors  to  be  proactive  in 
marketing  to  their  customers  by  having  the  server  reach  out  to  them.  This  is 
an  advantage  over  the  current  situation,  in  which  vendors  must  wait 
passively  for  potential  customers  to  surf  to  their  site. 

"Persistent  client-side  state"  browsers  will  allow  more  intelligence  in  the 
server/browser  communication,  as  they  will  allow  the  browser  to  "remember" 
what  has  happened  between  sessions  and  pick  up  where  it  left  off. 

A  major  opportunity  for  EDI  software  vendors  is  to  assist  WWW  server 
vendors  in  the  implementation  of  back-end  interfaces  from  the  server  to  the 
legacy  systems  that  support  fulfillment  of  orders  captured  by  the  server.  This 
is  currently  a  manual  process  in  most  cases,  and  EDI  technology  may  provide 


EESM 


©  1996  by  INPUT.  Reproduction  Prohibited. 


13 


ELECTRONIC  COMMERCE  OVER  THE  INTERNET 


INPUT 


the  solution  of  connecting  Web  sites  to  legacy  fulfillment  systems  (although  it 
is  also  possible  that  the  server  vendors  will  b3rpass  EDI  technology  in  favor  of 
more  modern  protocols  attuned  to  the  specific  needs  of  the  Internet). 


Enabling  Technologies 


A  major  key  to  enabling  Internet  use  for  electronic  commerce  is  the 
availability  of  security  mechanisms.  INPUT  differentiates  between  transport 
security,  which  provides  for  encryption  and  authentication  over  a  particular 
channel,  and  data  security,  which  provides  for  end-to-end  security  for  a 
complete  application. 

SSL  and  PCT  are  transport  security  protocols  promoted  by  Netscape  and 
Microsoft,  respectively.  STT  and  SEPP  are  data  security  protocols  promoted 
by  MicrosoftA'^isa  and  Netscape/MasterCard,  respectively,  that  allow  for 
security  all  the  way  from  the  consumer  entering  a  credit  card  number  into  a 
browser,  through  the  merchant  (who  cannot  gain  access  to  the  number),  to 
the  credit  card  verification  center.  Many  other  security  protocols  exist,  such 
as  PEM,  PGP,  MOSS,  S/MIME  and  S/HTTP,  and  their  interrelationship  is 
explained  in  Chapter  VI. 

Although  the  security  arena  is  complex,  INPUT  concludes  that  Internet 
commerce  can  be  made  significantly  more  secure  than  any  other  form  of 
commerce  existing  today.  However,  the  technology  must  be  applied  correctly, 
and  guidelines/good  practices  need  to  become  commonplace  to  avoid  the 
embarrassing  security  breaches  that  make  the  headlines  and  tend  to  erode 
confidence  in  the  Internet  as  a  viable  tool  for  commerce. 

Multiple,  overlapping,  and  sometimes  competing  protocols  threaten  to  slow 
the  acceptance  of  Internet  commerce.  Based  on  the  rate  of  innovation  and 
the  "open"  attitude  shown  in  the  Internet  community,  INPUT  is  confident 
that  competitors  will  cooperate  to  make  their  protocols  interoperable. 

Other  technologies  that  will  facilitate  electronic  commerce  in  a  WWW 
environment  include  the  ability  to  create  more  powerful  applications  and 
enliven  the  user  interface  through  the  application  of  client  processing 
through  JAVA,  animation  through  Macromedia's  Shockwave  and  realistic  3-D 
presentation  to  the  customer  through  the  Virtual  Reality  Modeling  Language 
(VRML). 
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The  Internet — Its  Characteristics 
in  an  Electronic  Commerce 
Environment 


This  chapter  discusses  the  characteristics  of  the  Internet  and  its  role  in 
electronic  commerce  activities.  Explosive  growth  of  the  Internet,  new  service 
needs  and  information  demands  by  users  have  presented  areas  of  both 
opportunity  and  concern. 


Internet  Characteristics 


Electronic  commerce  over  the  Internet  has  two  major  driving  forces: 

•  Businesses  are  constantly  striving  to  reduce  costs.  The  Internet  is 
perceived  to  be  well  positioned  to  assist  in  lowering  the  transaction  costs 
that  businesses  currently  incur  with  VANs. 

•  EDI  "hubs"  are  large  companies  that  are  very  motivated  to  get  as  many  as 
possible  of  their  suppliers  ("spokes")  to  trade  electronically  using  EDI. 
The  Internet  represents  an  opportunity  for  hubs  to  get  more  of  their 
spokes  to  use  EDI. 
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Exhibit  III-l  lists  characteristics  of  the  Internet  that  provide  a  framework  for 
electronic  commerce  over  the  Internet.  These  characteristics  make  it  easy  for 
vendors  on  the  Internet,  and  trading  partners  using  the  Internet  as  a  carrier 
for  EDI  messages,  to  configure  software  and  implement  strategies  that 
support  their  business  objectives. 


Exhibit  III-l 

Characteristics  of  the  Internet  Today 


•  Wide  availability 

•  Low  cost 

•  Broad  selection  of  software 

•  Vast  amounts  of  information  available 

•  Electronic  mail  system  interconnectivity 
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•  Wide  Availability — The  Internet  was  originally  built  to  connect  research 
and  academic  facilities  worldwide.  Today,  it  is  a  rare  geographic  location 
that  cannot  connect,  in  some  manner,  to  the  Internet.  This  wide 
availability  has  made  it  possible  for  30  million  people  to  communicate 
with  each  other,  to  access  the  information  they  want,  and  to  purchase  the 
goods  and  services  they  need. 

•  Low  Cost — The  essential  ingredient  to  the  Internet's  wide  availability  has 
been  its  low  cost.  It  is  inexpensive  to  set  up  an  electronic  mail  server  or 
an  FTP  site.  Once  done,  the  server  is  another  point  on  the  Internet. 
Much  user  software  required  to  access  the  Internet  is  available  for  little 
or  no  cost.  When  the  barriers  to  use  are  low,  a  technology's  acceptance 
into  the  marketplace  is  rapid,  and  this  has  happened  to  the  Internet. 

•  Broad  Selection  of  Software — widely  available  network  that  is 
inexpensive  to  set  up  and  run  would  still  only  address  a  small,  specialized 
market  if  there  were  no  mass-market  user  tools  available.  The  personal 
computer  revolution  has  created  a  vast  pool  of  programming  expertise 
around  the  world.  The  resulting  widespread  exchange  of  ideas  and  talent, 
across  multiple  hardware  and  operating  system  platforms,  has  resulted  in 
the  development  of  a  wide  array  of  software  tools  for  both  the  user  and 
the  information  server  markets. 

•  Vast  Amounts  of  Information  Available — Just  as  tools  have  grown  in 
sophistication  and  ease  of  use,  the  volume  and  types  of  information 
available  on  the  Internet  have  also  grown.  Not  only  has  static, 
bibliographic-style  information  become  more  common,  but  dynamic 
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information  such  as  weather  reports,  stock  market  information,  and 
descriptions  of  products  in  malls  has  also  increased.  INPUT'S  report 
Electronic  Catalogs,  Web  Storefronts  and  Internet  Malls  goes  into  more 
detail  on  this  topic. 

•    Electronic  Mail  Interconnectivity — Fundamental  to  the  Internet's 

explosive  growth  has  been  its  ability  to  interconnect  disparate  electronic 
mail  systems.  As  long  as  proprietary  E-mail  systems  adhere  to  the 
Internet  standard,  any  user  can  communicate  with  another  user, 
worldwide.  No  longer  is  it  necessary  to  figure  out  the  convoluted  X.400  E- 
mail  address  of  your  colleague.  Ease  of  interconnection  has  the  benefit  of 
lowering  the  costs  related  to  doing  business  on  the  Internet. 


Exhibit  III-2  lists  four  issues  that  affect  electronic  commerce  over  the 
Internet.  Although  these  issues  are  being  addressed  by  ISPs  (Internet 
service  providers)  and  the  IETF  (Internet  Engineering  Task  Force),  they  have 
not  yet  been  eliminated  and  must  be  worked  around  in  the  short  term.  When 
the  current  draft  discussion  stage  of  the  IETF  is  completed,  supportable 
standards  will  be  in  place.  With  these  in  hand,  it  will  be  easier  and  more 
profitable  for  organizations  to  invest  in  Internet  electronic  commerce 
services. 


B 


Current  Internet  Issues 


Exhibit  III-2 


Current  Issues  of  the  Internet 


Insufficient  bandwidth 


Uncertainty  of  delivery 

Authorization  and  authentication  of  payments 
Message  privacy  and  integrity 
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•  Insufficient  Bandwidth — ^With  the  number  of  users  and  information 
transfer  volumes  rising  exponentially,  the  pipelines  that  carry  these 
demands  are  overcrowded.  The  growth  of  the  Internet's  popularity  has 
outstripped  the  carriers'  ability  to  upgrade  the  capacity  of  the  network  on 
a  timely  basis.  This  affects  the  ability  of  users  to  get  at  information  they 
need,  and  to  transfer  large  data  files.  The  new  audio,  video,  and 
interactive  technologies  will  make  even  more  severe  demands  on  the 
network's  performance. 

ISPs  and  the  major  network  carriers  are  actively  upgrading  the  backbone 
that  supports  the  Internet.  A  new  generation  of  routers,  combined  with 
high-speed  ATM  switches,  is  progressively  resolving  the  bandwidth 
restrictions. 

•  Uncertainty  of  Delivery — In  the  Internet  environment,  actual  delivery  of 
a  message  or  transaction  file  is  not  always  assured.  This  is  because  of  the 
current  underljdng  network  architecture.  A  message's  packets  can  follow 
different  routes  to  the  destination  because  the  Internet  is  a  collection  of 
interlinked  networks,  servers  and  carriers.  If  one  of  the  servers  or 
carriers  is  down,  then  that  message  will  be  incomplete  and  must  be 
resent. 

The  IETF  has  in  its  draft  standards  cycle  a  proposal  to  upgrade  the  SMTP 
protocol  to  provide  for  an  acknowledgment  capability.  Such  capability  is 
present  in  many  of  the  private  E-mail  systems,  such  as  AT&T  EasyLink 
Mail  and  IBM's  Lotus  division's  cc:Mail. 

•  Authorization  and  Authentication  of  Payments — Electronic  commerce 
over  the  Internet  will  grow  more  rapidly  once  there  are  mechanisms 
routinely  in  place  whereby  sensitive,  payment-related  data  can  be  secured 
before  being  submitted  to  the  Internet  for  delivery.  The  securing  of  the 
information  in  a  standardized  manner  provides  the  receiver  with  the 
assurance  that  the  payment  instruction  is  authorized  and  authentic. 

Currently,  there  are  two  proposed  approaches  to  ensuring  this  level  of 
security:  Secure  Transaction  Technology  (STT)  from  Microsoft  and  Visa, 
and  Secure  Electronic  Pa3mient  Protocol  (SEPP)  from  Netscape  and 
MasterCard.  The  uncertainty  as  to  which  proposal  will  prevail  prevents 
software  suppliers  and  business  planners  from  making  definite 
implementation  plans. 
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•    Message  Privacy  and  Integrity — The  contents  of  the  electronic  commerce 
message  are  often  sensitive  as  well.  For  this  level  of  security,  there  are 
three  competing  approaches:  Secure  HTTP  (SHTTP)  from  Terisa,  Secure 
Sockets  Layer  (SSL)  from  Netscape  and  Private  Communications 
Technology  (PCT)  from  Microsoft.  Only  SSL  is  used  widely  at  this  time 
through  the  Netscape  browser. 

Widespread  expansion  of  electronic  commerce  over  the  Internet  demands 
interoperable  standards.  Interoperable  standards  give  developers  and 
vendors  confidence  that  they  may  gain  a  return  on  their  product 
development  costs. 


Summary 

The  growth  and  wide  accessibility  of  the  Internet  has  created  an 
unprecedented  marketplace  opportunity  for  sellers  and  marketers.  While 
several  issues  have  been  raised,  solutions  have  also  been  identified.  The 
remaining  work  to  be  done  is  to  reconcile  the  competing  proposals  and 
implement  the  solutions.  These  processes  will  reach  completion  as  1996 
progresses. 

With  the  solutions  about  to  be  standardized,  businesses  should  not  be  in  a 
"wait  and  see"  mode.  Business  organizations  should  be  reviewing  their 
objectives  and  goals  for  Internet  electronic  commerce.  They  should  then 
consider  implementing  pilot  systems  and  trials  to  understand  which 
capabilities  support  their  organizations  most  effectively.  The  capabilities  of 
the  Internet  will  allow  them  to  enhance  their  positions  in  the  electronic 
commerce  marketplace,  and  to  generate  additional  revenue  flows.  In  some 
industry  segments,  companies  that  fail  to  embrace  Internet  commerce  are 
at  significant  risk  of  losing  business  to  their  competitors  that  can  trade 
electronically. 
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EDI  Over  the  Internet 


Historically,  the  VANs  have  provided  major  corporations  (hubs)  with  the 
transport  capability  to  exchange  EDI  standard  documents  with  their  trading 
partners  (spokes).  The  VANs  do  this  by  using  mainframe-based  store  and 
forward  systems  that  collect  data  sent  in  by  trading  partners,  and  then 
distributing  the  messages  to  the  appropriate  mailboxes  based  upon  the 
address  information  stored  in  the  message.  This  service  is  based  on  well- 
established  technologies  and  presents  no  particular  technical  challenges  to 
VANs.  Other  services,  such  as  ensuring  confidentiality  of  transmission, 
delivery  assurance,  audit  trails  and  trading  partner  roll-out  assistance,  give 
the  VANs  the  added  value  they  believe  users  desire  and  are  willing  to  pay  for. 

Originally,  the  Appropriate  Use  policy  for  the  Internet  restricted  commercial 
use,  academic  and  research  pursuits  being  its  main  applications.  Now,  with 
the  broader  interpretation  of  the  Appropriate  Use  policy  of  the  Internet,  it 
has  become  feasible  to  implement  commercially  oriented  activities,  such  as 
EDI,  over  the  Internet. 

This  chapter  reviews  the  impact  that  the  Internet  is  having  on  the  strategies 
of  the  EDI  VANs  and  the  EDI  translation  software  vendors.  It  also  includes 
the  results  of  a  survey  of  EDI  VAN  users,  their  opinions  about  the  VANs  they 
use  and  the  effect  that  these  opinions  have  on  the  possibility  of  using  the 
Internet  for  EDI.  The  chapter  concludes  with  a  review  of  current  Internet- 
based  EDI  initiatives. 
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A  

Users  of  Value-Added  Networks 

1.    Respondent  Profile 

It  is  often  stated  that  VANs  are  hard  to  use  and  are  expensive.  This  view  is 
sometimes  expressed  to  explain  the  slow  expansion  of  EDI.  For  this  report, 
INPUT  interviewed  users  who  subscribe  to  VANs  such  as  GEIS,  AT&T, 
Harbinger  and  COMMERCE :Network  from  SterHng.  The  objective  of  the 
survey  was  to  ascertain  the  level  of  satisfaction  the  users  have  with  their 
VAN  providers.  A  high  level  of  dissatisfaction  would  identify  a  situation  in 
which  users  would  be  more  inclined  to  consider  moving  away  from  the  VAN 
onto  the  Internet  when  the  possibility  presents  itself. 


2.    Importance  of  VANs*  Value-Added  Services 

Exhibit  rV-l  shows  how  users  rate  the  various  VAN  services  to  which  they 
subscribe.  It  is  evident  that  the  value-added  services,  such  as  assistance  with 
trading  partner  implementation,  customer  support,  conversion  from  EDI  to 
other  formats,  etc.,  rate  higher  even  than  the  basic  service  of  EDI  message 
exchange.  INPUT  concludes  that  these  value-added  services  would  be  missed 
if  the  Internet  were  to  be  used  for  basic  EDI  message  exchange. 


Exhibit  IV-1 


Importance  of  VANs'  Value-Added  Services 
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3.    Importance  of  VAN  Characteristics 

There  are  four  key  characteristics  of  the  services  offered  by  VANs: 

•  Authentication  -  the  process  which  assures  the  receiver  that  the  message 
did  indeed  come  from  the  indicated  sender 

•  Integrity  -  the  receiver's  confidence  that  the  message  was  not  altered 
after  it  was  sent 

•  Non-repudiation  -  the  assurance  that  the  sender  cannot  deny  having 
submitted  the  EDI  message  to  the  network 

•  Confidentiality  -  the  assurance  that  the  message  was  not  viewed  by  third 
parties  before  it  was  delivered  to  the  receiver 

Users  were  asked  how  much  they  valued  each  of  these  characteristics,  and 
the  results  are  shown  in  Exhibit  IV-2.  It  is  striking  to  note  that  all  of  these 
characteristics  were  valued  very  highly  (all  above  4.0),  Users  fully 
imderstand  the  value  of  subscribing  to  VANs  and  would  expect  to  see  these 
characteristics  in  any  alternative  EDI  network  strategy,  such  as  the  Internet. 


Exhibit  IV-2 
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4.    Evaluation  of  VANs 

a.    Level  of  Satisfaction  About  Expenditures 

Exhibit  IV-3  shows  the  user  perceptions  regarding  VAN  costs.  Over  60%  of 
users  rated  their  level  of  expenditures  on  VANs  to  be  "Somewhat  Reasonable" 
or  "Very  Reasonable."  It  is  significant  that  no  users  determined  their  costs  to 
be  "Very  Unreasonable."  Even  if  users  believe  that  VAN  costs  are  high,  they 
understand  that  they  are  getting  needed  value  from  fees  paid. 
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b.    VAN  Characteristics  Important  to  Users 

Exhibit  IV-4  shows  how  users  responded  when  asked  which  characteristics  of 
VANs  were  most  important  to  them.  RehabiHty  and  ease  of  use  were  the 
most  important  factors.  Nobody  mentioned  low  prices  as  the  most  important 
characteristic.  Users  appreciate  the  value-added  services  of  VANs  more  than 
they  dislike  VAN  costs. 


VAN  Characteristics  Important  to  Users 


Ease  of  Use 


32% 


Reliability  W////////////////M  32"/. 


Trading  Partner 
Implementation 


m. 

16% 


Rapid  Delivery  ^  4% 
Low  Prices  0 


0        10       20       30       40       50       60  70 
Percentage  of  Responses 


 \  1 

80       90  100 


Source:  INPUT 


1996  by  INPUT.  Reproduction  Prohibited. 


25 


ELECTRONIC  COMMERCE  OVER  THE  INTERNET 


INPUT 


c.    Overall  Satisfaction  With  VANs 

As  Exhibit  IV-5  shows,  VAN  users  have  a  very  high  level  of  overall 
satisfaction  with  their  VANs.  Over  80%  of  users  are  at  least  "Somewhat 
Satisfied"  with  VANs.  It  is  significant  that  none  of  the  users  selected  either 
"Somewhat  Dissatisfied"  or  "Very  Dissatisfied"  satisfaction  levels.  VAN  users 
will  not  easily  migrate  away  from  the  VANs  without  a  significant 
inducement. 
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5.    Current  User  Plans  for  the  Internet 

a.    Likelihood  of  Using  the  Internet  for  EDI 

VAN-EDI  users  were  asked  about  their  current  intention  to  use  the  Internet 
as  an  alternative  to  the  VAN.  Exhibit  IV-6  indicates  that  there  is  no  strong 
momentum  to  use  the  Internet  for  EDI. 
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b.    Reasons  for  Not  Using  the  Internet 

Exhibit  IV-7  shows  that  among  the  VAN  users  who  indicated  that  they  would 
not  use  the  Internet  for  EDI,  the  strongest  reason  is  the  Internet's  perceived 
lack  of  security. 


Exhibit  IV-7 
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INPUT  concludes  that  the  reason  for  this  is  that  users  do  not  yet  understand 
that  there  are  solutions  at  hand  for  solving  the  perceived  security  risks.  As 
users  come  to  understand  this,  INPUT  believes  that  this  issue  will  go  away, 
and  users  will  be  much  more  amenable  to  considering  the  Internet  an 
alternative  to  VANs. 
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c.       Likelihood  of  Continuing  to  Use  a  VAN 

Of  the  users  who  expressed  an  interest  in  using  the  Internet,  Exhibit  IV-8 
shows  those  respondents'  evaluation  of  the  Hkehhood  that  they  would 
continue  to  use  their  VAN.  It  appears  that  users  would  look  upon  the 
Internet  as  a  complementary  service  to  the  VAN  they  currently  use  for 
exchanging  EDI,  rather  than  as  an  outright  replacement.  However,  the  fact 
that  over  50%  of  respondents  were  indifferent  or  somewhat  unlikely  to 
continue  using  a  VAN  indicates  an  opportunity  for  software  and  value-added 
Internet  service  providers  (ISPs)  to  make  VAN  users  migrate  to  the  Internet. 
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Exhibit  IV-9 


d.    Expected  Cost  Savings  of  Using  the  Internet  for  EDI 

Whether  or  not  users  currently  plan  to  use  the  Internet  for  EDI,  Exhibit  IV-9 
shows  that  they  would  expect  to  save  about  10%  to  20%  on  EDI  transaction 
costs.  This  expectation  would  not  be  satisfied  for  users  on  VANs  that  adopt 
an  EDI/Internet  strategy  that  does  not  reduce  user  cost,  e.g.,  Sterling's 
COMMERCE :Network  (see  section  B.3.b). 
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6.  Conclusion 


Based  on  this  survey,  INPUT  concludes  that  users  understand  that  they  are 
receiving  valuable  services  from  the  VANs  over  and  above  the  basic  EDI 
message  service,  and  that  they  are  paying  accordingly.  Users  do  not  appear 
to  find  their  costs  out  of  line,  and  they  are  satisfied  with  the  VANs.  Although 
they  are  aware  of  the  Internet,  users  have  no  pressing  desire  to  move  away 
from  VANs  at  this  time. 


INPUT  believes  that  as  the  security  issues  are  seen  to  be  resolved,  users  will 
come  to  consider  the  Internet  in  a  more  favorable  light,  and  could  decide  to 
use  it  as  a  service  complementary  to  their  VAN  services.  The  larger  and 
more  sophisticated  users  are  already  aware  of  the  potential  of  the  Internet  to 
securely  complement  VAN  services  and  are  pushing  for  VAN/Internet 
strategies  accordingly. 
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B  

Value  Added  Networks 

1.  Business  Environment 

The  low-cost  nature  of  the  Internet  has  attracted  the  attention  of  many 
organizations  that  are  examining  how  they  can  best  address  the  two  primary 
objectives  of  hubs  regarding  EDI: 

•  Expand  the  number  of  trading  partners  with  whom  they  transact  EDI 

•  Implement  new  applications  of  the  EDI  standard 

Regarding  the  first  objective,  many  small  trading  partners  (spokes)  targeted 
by  the  hubs  believe  they  cannot  afford  to  do  EDI  through  the  VANs  at  the 
minimal  transaction  volumes  involved — VAN  fixed  costs  are  too  high  for 
them.  Using  the  Internet,  however,  reduces  these  fixed  and  transactional 
costs  significantly  for  the  smaller  trading  partner. 

Concerning  the  second  objective,  the  new  applications  of  EDI  standards  are 
oriented  toward  time-sensitive,  high-volume  data  transmissions,  such  as 
service  repair  orders,  health  claims,  etc.  VAN  pricing  schedules  are 
structured  toward  low  volumes  that  are  not  time-sensitive.  In  effect,  the 
store  and  forward  technology  that  VANs  use  is  inappropriate  for  use  in  time- 
sensitive,  high-volume  applications.  The  Internet  is  wellsuited  to  supporting 
time-sensitive  applications.  Additionally,  large  volumes  of  data  cost  little 
because  the  Internet  pricing  model  is  oriented  to  time  usage  rather  than  file 
size. 

2.  Hub  Demands 

INPUT  has  found  that  the  principal  source  of  demand  for  a  VAN  strategy  for 
Internet  connectivity  comes  from  the  VAN  hub  community.  The  interest  is 
strong  enough  that  these  hubs  are  asking  VANs  such  as  GEIS,  AT&T, 
Advantis,  and  Harbinger  to  assist  them  in  developing  credible  strategies. 

For  example,  GEIS  indicates  that  it  is  called  frequently  by  its  customersabout 
this  matter,  and  AT&T  has  found  from  its  focus  groups  that  65%  of  its  1-800 
customer  base  will  use  the  Internet  services  when  they  are  offered.  The 
principal  reason  for  this  interest  is  customers'  desire  to  enlarge  their  trading 
partner  base. 

One  of  the  primary  frustrations  of  the  large  hubs  has  been  the  difficulty  of 
increasing  the  number  of  trading  partners.  Various  strategies  have  been 
attempted  in  the  past,  including  massive  roll-out  programs,  cost 
subsidization,  periodic  training  and  information  sessions.  The  hubs  perceive 
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that  the  Internet,  with  its  open  architecture,  broad  availabihty,  and  lower 
costs,  will  give  them  the  tool  they  need  to  draw  in  more  trading  partners. 

To  draw  in  these  additional  trading  partners,  the  hubs  have  an  interest  in 
working  with  the  trading  partner  implementation  services  offered  by  the 
VANs.  The  choice  of  this  strategy  is  supported  by  the  user  survey  in  section 
A  of  this  chapter,  Exhibits  IV- 1  and  IV-4,  which  show  that  trading  partner 
implementation  assistance  is  an  important  feature  of  VAN  services. 

3.    VAN  Internet/EDI  Strategies 

For  this  report,  INPUT  interviewed  the  six  VANs  listed  in  Exhibit  IV- 10. 

Exhibit  IV-10 

VANs  Implementing  Internet  Strategies 


•  IBIVl  Global  Network  /  Advantis 

•  AT&T  EasyLink 

•  Sterling  Commerce:Network 

•  Harbinger  Net  Services 

•  GEIS 

•  Kleinschmidt 
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Each  VAN  has  a  strategy  to  meet  the  hubs'  requests  for  Internet  services. 
These  strategies  are  categorized  into  three  groups  as  follows: 

•  On-demand  connectivity 

•  Controlled  connectivity 

•  Open  connectivity 

a.   On-Demand  Connectivity 

•  In  the  first  VAN  strategy,  which  we  call  "on-demand  connectivity,"  the 
VAN  has  no  specific  service  offering  for  its  user  community  vis-a-vis  the 
Internet.  While  the  VAN  has  a  connection  to  the  Internet,  it  is  not 
robust,  and  it  is  not  actively  marketed.  VANs  in  this  category  have  seen 
little  demand  for  a  connectivity  service  and  they  do  not  see  the  benefit  of 
offering  such  connectivity  in  advance  of  such  demand.  An  example  of  a 
VAN  in  this  category  is  Kleinschmidt. 
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•  INPUT  expects  VANs  in  this  category  to  feel  the  pressure  from  their 
customers  as  they  see  the  competitive  offerings,  and  that  VANs  in  this 
category  will  soon  adopt  a  more  proactive  strategy.  INPUT  believes  that 
a  VAN  pursuing  this  strategy  long  term  may  diminish  its  chances  of 
benefiting  from  a  significant  business  opportunity. 

b.   Controlled  Connectivity 

•  An  example  of  the  next  strategy,  "controlled  connectivity,"  is  the  that 
offering  implemented  by  Sterling's  COMMERCE  :Network  services  in 
initial  offering.  Under  this  strategy,  the  VAN  allows  the  Internet  to  be 
used  as  another  means  of  accessing  its  central  data  center,  which  is 
exclusively  used  to  route  all  EDI  message  traffic.  The  EDI  messages  are 
contained  in  secure  files  that  are  transferred  via  the  FTP  protocol. 

•  To  implement  this  strategy,  the  VAN  provides  VAN-specific  software  that 
will  tunnel  through  the  Internet  to  the  VAN's  data  center,  as  illustrated 
in  Exhibit  IV- 11.  In  this  exhibit,  the  Internet-connected  trading  partner 
is  using  software  provided  by  the  VAN.  This  software  is  configured  solely 
for  the  purpose  of  using  the  Internet  in  a  manner  similar  to  a  dial-in  line. 
It  uses  a  secure  FTP  session  to  establish  a  link  with  the  data  center's 
firewall  and  gateway,  and  through  that,  with  the  EDI  messaging 
software.  Because  the  VAN  provided  the  software  that  the  customer  is 
using,  it  is  able  to  impose  a  message  security  approach  that  is  specific  to 
its  needs.  In  this  controlled  environment,  issues  such  as  key  generation 
and  key  administration  are  not  addressed,  because  the  VAN  controls  all 
parts  of  the  transmission  cycle.  The  data  center  does  not  support  the 
SMTP  protocols  normally  associated  with  Internet  EDI,  and  MIME 
attachments  are  not  needed. 
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Exhibit  IV-11 


Alternate  Ways  of  Accessing  Trading  Partners 
with  Controlled  Connectivity 


VAN 

S/W 


TRADING 
PARTNER 


FIREWALU 
GATEWAY 


TRADING 
PARTNER 


TRADING 

PARTNER 

Source:  INPUT 

•  To  acquire  the  software  and  be  able  to  use  these  VAN  services,  the  user 
contracts  with  the  VAN  in  the  same  manner  as  a  regular  VAN  user. 
Thus,  the  pricing  of  the  services  to  the  user  will  be  the  same  as  if  the 
client  were  using  one  of  the  other  dial-in  network  options  currently 
available. 

•  This  strategy  does  not  address  the  small  and  medium-sized  businesses, 
problem  of  the  cost  of  EDI  over  VANs.  As  noted  earlier,  this  has  been  an 
inhibitor  to  expanding  the  number  of  EDI  trading  partners. 
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c.    Open  Connectivity 

•  The  most  proactive  strategy,  "open  connectivity,"  is  offered  by  such  VANs 
as  AT&T  EasyLink,  Harbinger  Net  Services,  and  Advantis.  In  this 
strategy,  the  Internet  is  used  as  the  underlying  transport,  instead  of,  or  in 
parallel  with,  the  VAN's  own  network.  By  implementing  standard 
Internet  protocols,  the  VAN  can  exchange  EDI  messages  over  the 
Internet.  Trading  partners  on  the  Internet  become  an  expansion  of  the 
entire  EDI  marketplace.  The  VANs  implementing  this  strategy  are 
working  on  the  premise  that  there  will  always  be  growth  in  VAN-based 
EDI  traffic,  but  that  extensive  expansion  will  occur  on  the  Internet. 

•  To  encourage  that  growth,  these  VANs  are  racing  to  develop  and  license 
software  that  can  be  customized  to  handle  EDI  messages  for  either  VAN- 
based  or  Internet-based  trading  partners.  This  software  handles  the 
security  of  the  data,  as  well  as  enveloping  the  message  so  that  it  can  be 
delivered  according  to  the  SMTP  protocol  specification. 

•  In  contrast  with  the  Controlled  Connectivity  option  which  uses  a  file 
transfer  methodology  (FTP),  this  strategy  supports  standard  E-mail 
SMTP  and  MIME  protocols.  The  gateway  in  Exhibit  IV-12  is  installed  to 
support  message-level  interconnectivity  between  the  Internet  and  the 
VAN.  Because  the  message  originated  on  the  Internet,  and  the  gateway's 
IP  address  can  be  known  to  anyone,  security  software  is  installed  in  the 
gateway  to  manage  the  security  envelope  that  surrounds  the  EDI 
message.  This  management  function  handles  the  security  of  the  EDI 
messages,  as  well  as  message  file  encapsulation  (SMTP  or  MIME) 
compatibility  for  the  Internet.  It  is  at  this  gateway  point  that  the  VANs 
intend  to  administrate  the  keys  required  for  this  cryptographic  process, 
although  no  details  have  been  released  as  to  how  this  will  be 
accomplished. 
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Exhibit  IV-12 


Alternate  Ways  of  Accessing  Trading  Partners  with  Open 

Connectivity 


SMTP/ 
MIME 


TRADING 
PARTNER 


FIREWALLV 
GATEWAY 


SMTP/ 
MIME 


TRADING 
PARTNER 


TRADING 
PARTNER 


OTHER 
VAN 
"INTERCONNEC" 


Source:  INPUT 

Importantly,  this  strategy  does  not  restrict  the  Internet-based  customer 
solely  to  exchanging  EDI  messages  via  the  VAN's  data  center.  The  software 
options  provided  include  the  capability — that  is,  SMTP  and  MIME  support — 
to  use  the  Internet  as  the  carrier  of  EDI  messages  to  trading  partners  set  up 
to  receive  the  messages  via  the  Internet.  (As  of  today,  there  is  no 
commercially  available  package,  other  than  from  the  VAN,  to  communicate 
with  the  VAN'S  SMTP/MIME  implementation,  but  the  use  of  these  open 
protocols  will  make  that  easier  in  the  future.)  In  this  way,  data  and  message 
exchanges  that  do  not  require  the  assurance  of  the  value-added  services  of  a 
VAN  can  be  sent  over  the  Internet,  while  those  that  do  can  be  sent  to  the 
van's  data  center. 


TRADING 
PARTNER 


The  strength  of  this  strategy  lies  in  its  adherence  to  open  E-mail  standards 
and  the  fact  that  it  does  not  matter  to  the  VAN  data  center  what  software  the 
trading  partner  uses  for  EDI,  or  to  access  the  Internet.  The  trading  partner 
needs  only  concern  itself  with  the  Internet  address  of  the  VAN  data  center. 
This  is  in  contrast  to  the  controlled  connectivity  option,  where  the  user  must 
use  the  software  supplied  by  the  VAN. 

Another  component  of  this  strategy  is  the  implementation  of  a  gateway  to  the 
Internet  that  provides  the  security  procedures  and  firewall  software  to 
safeguard  VANs'  networks  from  unauthorized  access.  None  of  the 
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announcements  to  date  have  explained  whether,  or  how,  the  VANs  intend  to 
charge  for  this  Internet  gateway  service. 

Exhibit  IV-13  summarizes  the  strategies  the  surveyed  VANs  intend  to  follow. 


Exhibit  IV-1 3 

VAN  Strategies  for  the  Internet 


Strategy 

Description 

Strength 

Weakness 

VAN 

On-Demand 
Connectivity 

No  specific  service 
aligned  with  the 
Internet 

Minimizes  the  security 
threat  to  the  network's 
user  base 

Ignores  the  growth 
potential  of  attracting 
new  trading  partners 

Kleinschmidt 

Controlled 
Connectivity 

Users  securely 
connect  to  VAN  data 
center  via  the  Internet 

Provides  the  strong 
security  and  confidence 
of  a  closed  user  group 

Does  not  address  cost 
concerns  of 
small/medium-sized 
enterprises 

Sterling 
GE 

InterBusiness 

Open 

Connectivity 

Users  connect  with 
the  VAN  network 
using  SMTP/MIME 

Provides  users  with 
business  solutions,  while 
accessing  the  existing 
value-added  services 

Pricing  structure  for  the 
Web  gateway  service  is 
unknown 

IBM  Global 
Network 

Harbinger 

Source  INPUT 


4.    VAN  Strategy  Descriptions 
a.  Kleinschmidt 

Kleinschmidt's  Internet  strategy,  consistent  with  its  overall  services 
approach,  is  that  it  does  not  expend  energies  developing  new  services  in 
advance  of  specific  requests  from  clients.  Rather,  Kleinschmidt  responds  to 
client  requests,  and  clients  have  not  yet  demanded  Internet  connectivity. 

Kleinschmidt  notes  that  fewer  than  10  companies  are  currently  trading  more 
than  50  transactions  per  month  over  the  Internet.  Though  this  rate  has  been 
increasing  over  the  last  six  months,  Kleinschmidt  does  not  expect  significant 
growth  during  1996. 

In  light  of  the  user  survey  reviewed  in  section  A,  this  strategy  would  appear 
to  be  in  line  with  the  stated  intention  of  the  majority  of  the  users  who  view 
using  the  Internet  for  EDI  as  unlikely  for  their  organizations. 

However,  the  user  survey  did  indicate  that  EDI  users  are  interested  in  the 
Internet  as  a  complementary  service/strategy  to  their  VANs.  Therefore,  it 
would  appear  that  a  VAN  would  want  to  be  in  a  position  to  respond  to  this 
growing  interest. 
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b.  Sterling  COMMERCE:Network 

Sterling  COMMERCE :Network  believes  that  trading  partners  do  not  have  a 
strong  desire  to  exchange  EDI  messages  without  the  value-added  services 
available  through  a  VAN.  In  part  because  Sterling  does  not  have  its  own 
communications  network  like  other  VANs,  it  is  treating  the  Internet  as 
another  data  line  into  its  data  center.  Thus,  Sterling  is  configuring  specific 
software  to  dial  out  to  the  Internet  and  communicate  directly  via  the  File 
transfer  protocol  (FTP)  with  the  data  center.  As  with  Sterling's  current  dial- 
in  options,  this  session  would  be  secure.  This  secure  implementation  of  FTP 
is  based  on  Sterling  Software's  Dataguard  software  for  mainframe  and  UNIX 
environments,  and  on  VEIL  for  Windows-based  PC  systems. 

The  announced  strategy  includes  support  for  companies  that  wish  to 
exchange  EDI  messages,  via  the  Internet,  directly  with  other  companies  that 
are  also  on  the  Internet.  To  do  so,  though,  requires  both  of  the  trading 
partners  to  have  the  same  software.  The  EC  Gateway,  installed.  This  is 
because  of  the  proprietary  security  approach  and  the  use  of  the  FTP  standard 
to  transmit  files.  This  approach  does  not  use  SMTP  or  the  MIME/EDI 
capability;  however.  Sterling  has  announced  that  support  for  these  standards 
could  become  available  during  1996. 

In  order  to  communicate  with  the  data  center,  user  organizations  will  have  to 
be  in  a  contractual  relationship  with  Sterling's  COMMERCE  :Network. 
Sterling's  strategy  can  be  summarized  as  offering  electronic  commerce 
solutions  that  are  related  to  its  central  service  offering, 
COMMERCE  iNetwork.  This  network  strategy  appears  to  be  in  line  with 
those  users  identified  in  A  who  are  concerned  about  the  security  of  the 
Internet.  By  addressing  this  issue,  Sterling's  COMMERCE :Network  offering 
provides  those  users  with  a  secure  means  of  using  the  Internet.  This  usage, 
however,  is  within  the  context  of  the  traditional  VAN-based  message 
exchange  framework,  that  being  a  closed,  secure  network.  At  this  time, 
Sterling  reports  no  commercial  Internet/EDI  activity. 

c.  GEIS  with  the  Microsoft  Network 

A  different  approach  to  the  controlled  connectivity  strategy  is  the  GEIS  - 
Microsoft  Network  (MSN)  effort.  MSN  is  building  a  bridge  to  the  GEIS 
electronic  data  interchange  network.  Via  this  bridge,  the  MSN  small 
business  subscriber  will  be  able  to  view  a  list  of  GEIS  EDI  clients,  register 
electronically  to  exchange  EDI  messages,  and  then  download  the  required 
purchase  order  or  invoice  scripts  for  use  within  Windows  95  and  Microsoft 
Exchange.  (MS-Exchange  is  Microsoft's  new  e-mail  server.)  How  the  user 
pays  for  this  service  has  not  been  outlined  yet.  When  the  EDI  message 
arrives  at  GEIS'  Internet  gateway,  GEIS  strips  it  of  any  Internet  enveloping 
and  returns  the  EDI  message  to  its  native  format.  To  support  Intemet#EDI, 
GEIS  is  developing  a  Secure  the  Internet  EDI  offering  to  secure  EDI 
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messages  being  sent  over  the  Internet.  Currently,  GEIS  is  experiencing  a  low 
level  of  Internet  transmissions  fewer  than  10  companies.  In  February,  1996, 
GEIS  is  due  to  announce  a  more  general  Internet  strategy  called  GE 
InterBusiness.  "  ^ 

d.  Harbinger  Net  Services 

Harbinger  Net  Services  (a  joint  venture  between  Harbinger  Corp,  and 
BellSouth)  has  been  active  over  the  past  six  months  working  with  a  small 
group  of  hubs  and  customers  in  testing  the  Internet  and  its  capabilities  for 
EDI  traffic.  It  has  formally  announced  that  it  will  expand  its  trading  partner 
management  program  in  support  of  its  hubs  by  offering  Internet-based 
solutions  for  their  trading  partners.  Harbinger's  approach  is  to  treat  the 
Internet  as  simply  another  network  service  to  connect  with.  Harbinger  will 
provide  software  and  communications  services  that  support  SMTP/MIME  and 
open  security  standards.  With  this  software,  trading  partners  can  use  the 
Internet  to  send  and  receive  EDI  transaction  sets.  Although  Harbinger's 
specification  uses  open  protocols,  there  is  not  yet  any  commercially  available 
product  that  will  intercommunicate  with  Harbinger's  implementation. 

Currently,  Harbinger  reports  that  fewer  than  10  companies  are  exchanging 
EDI  over  the  Internet.  The  volumes  are  estimated  to  be  between  100  and  500 
interchanges  per  month. 

e.  AT&T 

AT&T  EasyLink  Services  is  planning  on  consolidating  its  various  on-line 
services  and  creating  a  common  hosting  and  transaction  platform  for  those 
services.  Renamed  as  EasyCommerce  Services,  it  will  act  as  a  hosting 
platform  for  EDI  and  electronic  commerce.  While  a  complete  announcement 
of  policy  is  expected  early  in  1996,  AT&T  EasyCommerce  intends  to  provide 
integrated  EDI  capability  and  clearance  of  payment  transactions  in  the  latter 
part  of  1996. 

f.  Advantis/IBM  Global  Network 

IBM  is  positioning  its  Global  Network  (of  which  Advantis  is  the  U.S. 
provider)  as  providing  global  access.  It  will  connect  customers  through  its 
network  to  the  Internet.  Advantis'  Internet-oriented  services  are  called  the 
IBM  Internet  Connection.  During  1996,  IBM  will  be  deploying  EDI— 
compatible  services  that  will  support  the  SMTP/MIME  protocols.  IBM  has 
targeted  the  small  and  medium-sized  business  community  for  the  initial 
thrust  of  this  service  offering  by  establishing  a  software  integration  services 
group. 

Two  distinguishing  characteristics  of  the  IBM  and  AT&T  offerings  are  that 
they  offer  continuous,  worldwide  support  and  they  are  focused  on  helping 


EESM 


©  1996  by  INPUT.  Reproduction  Prohibited. 


39 


ELECTRONIC  COMMERCE  OVER  THE  INTERNET 


INPUT 


resolve  the  challenge  of  integrating  a  company's  Internet  presence  with  its 
back-end  legacy  systems. 

5.    Market  Forecast 

Exhibit  IV-14  shows  the  U.S.  EDI  network  services  market.  Growth  will 
continue  at  about  19%  CAGR.  The  momentum  for  EDI  is  strong,  because 
corporate  business  process  rationalization  will  continue  to  support  the 
expansion  of  EDI. 


EDI  Network  Services  Market 


1995 
($M) 

1996 
($M) 

1997 
($M) 

1998 
($M) 

1999 
($M) 

2000 
($M) 

1 995-2000 
CAGR% 

Traditional  VAN  Services 

340 

411 

488 

580 

660 

730 

17% 

Internet-related  VAN  services 

0.2 

5 

12 

40 

90 

200 

298% 

TOTAL  VAN  Service  revenue 

341 

416 

500 

620 

750 

930 

22% 

Source:  INPUT 


INPUT  forecasts  that  VAN  revenue  growth  derived  from  Internet  EDI  will  be 
very  strong,  at  nearly  300%  (although  percentages  are  not  too  meaningful 
because  of  the  low  starting  point).  This  forecast  is  based  in  large  part  on  the 
strong  commercial  interest  in  Internet  EDI  and  the  potential  that  it  has  to 
increase  spoke  participation  in  EDI.  It  is  predicated  upon  the  confidence  of 
the  user  population  in  the  potential  security  mechanisms  for  the  Internet 
increasing  as  familiarity  grows. 

Even  though  300%  is  strong  growth,  it  is  not  as  high  as  the  quantum  leap  in 
the  EDI  services  market  that  has  long  been  predicted  by  some  pundits. 
INPUT  believes  that  the  Internet  will  have  a  much  bigger  impact  on 
electronic  commerce,  but  not  necessarily  through  the  EDI  medium. 

6.   Summary  of  VAN  Strategies 

To  summarize,  INPUT  believes  that: 

•  VAN  announcements  in  1995  are  a  strong  statement  of  the  seriousness 
with  which  they  believe  Internet  EDI  should  be  taken. 

•  1995  was  a  year  of  initial  interest  and  testing  of  ideas. 

•  1996  will  be  the  year  that  formal  offerings  will  be  in  place. 

•  Late  1996  and  1997  will  see  the  Internet  EDI  market  take  off. 
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VANs  believe,  and  the  INPUT  user  survey  supports,  that: 

•  Pricing  of  VAN  services  is  not  an  issue  that  is  driving  a  large  number  of 
users  to  the  Internet.  Users  understand  the  value  of  the  services  they 
receive. 

•  Users  do  not  have  a  strong  interest  in  the  Internet  unless  the  value-added 
services  currently  offered  by  the  VANs  are  also  available. 


EDI  Software  Vendors 

1.  Business  Challenge 

EDI  translation  software  vendors  will  need  to  provide  Internet-compatible 
functionality  so  that  companies  can  use  the  Internet  for  the  exchange  of  EDI 
transaction  sets.   Support  for  SMTP  and  MIME/EDI  protocols  and  public  key 
cryptography  are  widely  required  features.  To  date,  only  Premenos  has  made 
such  a  product  available.  Premenos'  Templar  uses  the  SMTP/MIME 
protocols  to  transport  an  EDI  message,  and  secures  it  using  encryption  and 
digital  signature  routines. 

2.  VAN-Independent  Software  Vendor  Strategies 

Exhibit  rV-15  lists  non-VAN-related  EDI  translation  software  vendors  who 
have  announced  an  Internet  strategy. 


Exhibit  IV-15 


Internet/EDI  Software  Vendors 


APL  Group 

DNS  Worldwide 

Premenos 

St.  Paul  Software 

Supply  Tech 

TSI  International 


Source:  INPUT 


Strategies  include: 

•  Leveraging  the  current  screen  form  orientation 

•  Enabling  communications  modules  to  communicate  with  the  Internet 
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•  Providing  secure  Internet  services  for  EDI 

a.  Leverage  Forms  Strategy 

•  A  number  of  PC-based  EDI  translation  software  products  have  followed  a 
screen  forms-oriented  technology  that  provides  a  custom  screen 
development  environment  for  viewing  EDI  data.  This  is  the  strategy  that 
Supply  Tech  has  used  with  great  success  in  the  marketplace.  In  this 
scenario,  the  user  creates  a  data  screen  that  presents,  or  accepts,  data 
received  from,  or  destined  to,  an  EDI  message.  This  approach  was  not 
designed  to  work  within  environments  where  integration  to  legacy 
application  systems  was  required.  With  this  software,  users  print  the 
form  and  rekey  the  data  into  their  legacy  systems.  Supply  Tech  is  looking 
to  market  a  new  design  of  its  proprietary  screen  entry  system  as  an 
alternative  data  entry  framework  for  use  over  the  Internet.  With  the 
number  of  PC  products  that  currently  handle  forms  data  entry  (for 
example,  JetForm),  Supply  Tech  will  find  stiff  competition  becauese  users 
may  not  see  any  incremental  benefit  to  using  proprietary  software. 

b.  Internet  Communications  Enabling 

•  The  Internet  strategy  currently  followed  by  St.  Paul  Software  is  to  enable 
its  software  to  communicate  with  the  Internet.  This  is  the  same  approach 
used  to  enable  its  software  to  communicate  with  any  of  the  VANs. 

•  It  is  a  very  direct  approach  that  does  not  have  any  security  capability,  and 
does  not  appear  to  support  the  SMTP/MIME  protocols.  Also,  it  would 
seem  to  indicate  that  St.  Paul's  users  do  not  require  access  to  the  types  of 
services  VANs  offer,  and  simply  want  the  product  to  connect  with  the 
Internet.  It  would  seem  that  St.  Paul  Software  is  following  this  approach 
while  it  evaluates  the  development  of  a  more  robust  Internet  strategy. 

•  For  the  moment,  this  approach  does  not  impose  any  changes  on  users  and 
the  EDI  strategies  that  the  users  follow,  because  it  is  simply  adding  a 
different  communications  script  to  the  product. 

c.  Secure  EDI  Module 

Neither  of  the  first  two  strategies  addresses  the  security  concerns  that  users 
have  about  doing  EDI  over  the  Internet.  To  send  EDI  transaction  sets  over 
the  Internet  reliably,  the  message  file  should  be  made  secure.  Premenos' 
recently  released  product.  Templar,  is  representative  of  this  new  generation 
of  EDI  products  for  the  Internet.  Templar's  design  is  based  on  existing 
standards,  but  since  there  is  as  yet  no  industry  agreement  on  which  of  the 
multiple  standards  to  use  for  this  purpose.  Templar  cannot  be  said  to  be  a 
"standard"  approach.  As  such,  it  has  come  under  some  criticism  (perhaps 
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unfairly)  as  being  a  proprietary  approach,  since  a  copy  of  Templar  is  needed 
at  each  end  of  the  connection. 

Templar  uses  public  key  cryptography,  and  the  cryptographic  keys  used  must 
be  certified.  This  would  normally  be  done  by  a  trusted  third  party,  also 
known  as  a  Certification  Authority  (CA).  However,  these  CAs  are  not  in  wide 
operation  at  this  time.  Thus  it  is  not  possible  for  a  user  to  get  independent 
certification  of  the  keys  being  used  by  Templar.  To  get  around  this,  the  two 
Templar  installs  certify  each  other. 

To  broaden  the  use  of  secure  EDI  over  the  Internet,  Templar  is  available  for 
licensing  by  other  EDI  software  companies.  Late  in  1995,  DNS  Worldwide, 
APL  Group  and  TSI  International  announced  that  they  had  licensed  the 
Templar  technology  for  inclusion  in  their  products. 

3.  Vendor  WWW  Strategies 

The  EDI  translation  software  companies  have  stated  that  they  feel  they 
would  experience  significant  market  growth  if  they  were  to  integrate  their 
EDI  translation  software  with  web  server  applications.  Their  objective  is  to 
provide  the  enabling  tools  that  will  permit  Web-based  vendors  to  support 
electronic  commerce  more  robustly  over  the  WWW. 

•  EDI  Web  integration  tools  allow  commercial  Web-site  software  vendors 
quickly  and  easily  to  build  connectivity  between  their  servers  and  EDI 
transaction  sets.  TSI  and  St.  Paul  Software  are  preparing  product 
offerings  for  Web  server  vendors. 

•  As  one  of  the  first  companies  to  make  an  announcement,  Premenos  will  be 
releasing,  in  early  1996,  a  product  that  will  enable  small  to  large 
organizations  to  create  EDI  transactions  fi"om  their  WWW  sites. 

4.  VAN  Translation  Software  Strategies 

VANs  that  have  developed  Internet  strategies  complying  with  the  "controlled 
connectivity"  or  "open  connectivity"  models  have  compatible  software 
strategies  as  described  in  section  B.3  above. 
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5.    Market  Forecast 

Exhibit  IV-16  shows  the  U.S.  EDI  software  market  and  forecast.  Growth  in 
the  EDI  software  market  will  continue  to  be  strong.  As  the  VANs  continue 
their  penetration  into  the  marketplace,  EDI  software  vendors  will  benefit 
from  users,  need  for  EDI  software.  This  is  what  is  referred  to  as  "traditional 
EDI  software  for  VANs." 


Exhibit  IV-16 

EDI  Software  Market  and  Forecast 


1995 

1996 

1997 

1998 

1999 

2000 

1 995-2000 

($M) 

($M) 

($M) 

($M) 

($M) 

($M) 

CAGR% 

Traditional  EDI  S/W  for  VANs 

134 

155 

178 

200 

214 

222 

11% 

Internet  S/W  (VAN-Related) 

0 

2 

6 

18 

40 

80 

N/A 

Internet  S/W  (non-VAN) 

0 

3 

6 

12 

22 

40 

N/A 

TOTAL  EDI  S/W 

134 

160 

190 

230 

280 

342 

21% 

Source:  INPUT 


Based  on  strong  corporate  demand  for  VAN-related  Internet  EDI  services, 
and  expansion  of  WWW-based  sales  sites,  sales  related  to  the  use  of  the 
Internet  will  grow  very  rapidly,  as  shown  in  Exhibit  IV-16.  To  some  degree, 
these  are  cannibalizing  the  traditional  software  sales. 

The  non-VAN  Internet  software  sales  are  for  standalone  products  such  as 
Templar  from  Premenos.  Consistent  with  INPUT'S  finding  that  most  users 
will  use  Internet  EDI  in  a  way  that  co-exists  with  their  VAN  usage  (rather 
than  replacing  VANs),  INPUT  is  forecasting  that  this  standalone  approach 
will  result  in  about  9.5%  of  the  total  software  market  by  2000. 

There  are  additional  revenues  available  to  the  EDI  software  companies  for 
the  sale  of  EDI  software  to  the  World  Wide  Web  (WWW)  server  vendors  to 
automate  the  back-end  connection  from  the  server  to  the  fulfillment 
processors.  This  is  a  very  significant  new  opportunity  that  is  discussed  in 
detail  in  Chapter  V  of  this  report,  and  forecasted  in  Exhibit  V-3. 
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6.    Summary  of  EDI  Software  Vendor  Strategies 

The  vendors  and  their  strategies  are  summarized  in  Exhibit  IV- 17.  To  date, 
only  three  of  these  companies  (TSI,  St.  Paul  Software  and  Premenos)  have 
demonstrated  the  potential  for  Web  server  integration. 

Considerable  growth  is  expected  from  the  WWW  marketplace,  and  EDI 
translator  software  vendors  have  the  opportunity  to  consider  how  they  can 
assist  and  participate  in  this  growth. 


Exhibit  IV-17 

EDI  Software  Developer  Strategies 


Strategy 

Strength 

Weakness 

Vendor  Example 

Leverage  Forms  Strategy 

simplifies  user  interface 

proprietary 

Supply  Tech 

Internet  Communications 
Enabling 

enables  quick  and  easy 
communications  with  the 
Internet 

does  not  address 
security  issues 

St.  Paul  Software 

Secure  Module 

addresses  security  issue 
of  the  Internet 

can  be  licensed  to  other 
EDI  S/W  products 

based  on  open  systems 
standards 

requires  products  at 
both  ends  of  the 
connection 

Premenos 

TSI  International 

DNS  Worldwide 

APL  Group 

Controlled  Connectivity 

highly  secure 

ensures  delivery  and 
integrity 

imposes  differing 
communications 
approaches  to  the 
Internet 

Sterling 

Open  Connectivity 

Internet-capable  user 
software 

Harbinger  Net 
Services 

Source:  INPUT 
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P  

Value  of  Goods  and  Services  Traded  Using  Internet  EDI 

Exhibit  IV- 18  shows  the  market  and  forecast  for  the  worldwide  value  of  goods 
and  services  traded  using  EDI. 


Exhibit  IV-1 8 

Value  of  Goods  and  Services  Traded  Using  EDI 


1995 

1996 

1997 

1998 

1999 

2000 

1995-2000 

($B) 

($B) 

($B) 

($B) 

($B) 

($B) 

CAGR% 

Traditional  VAN  EDI 

130 

151 

179 

208 

240 

277 

16% 

Internet-related  VAN  EDI 

0 

0.2 

2 

10 

30 

70 

N/A 

Internet  (non-VAN)  EDI 

0 

1 

3 

7 

20 

36 

N/A 

TOTAL  G&S  SOLD 

130 

152 

184 

225 

290 

383 

24% 

Source:  INPUT 


The  first  line  shows  the  future  for  the  traditional  VAN  activity  (i.e.,  not  using 
the  Internet).  This  growth  rate  is  slower  than  that  currently  being 
experienced  because  of  partial  cannibalization  of  the  Internet  activity. 

The  Internet-related  VAN  EDI  line  shows  the  value  of  goods  and  services  sold 
through  the  Internet  offerings  of  the  VANs.  The  Internet  non-VAN  EDI  line 
shows  goods  and  services  sold  without  VAN  intervention,  for  example  via 
products  such  as  Templar.  The  non-VAN-related  sales  are  significantly  lower 
than  the  VAN-related  sales,  consistent  with  INPUT'S  finding  that  most  users 
will  have  an  Internet/EDI  strategy  that  co-exists  with  their  VAN  usage. 
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E  

Current  EDI  Activities  on  the  Internet 

1.  Findings 

INPUT  found  significant  existing  activity  in  the  implementation  of  EDI  over 
the  Internet.  The  projects  shown  in  Exhibit  IV-19  range  in  status  from 
production  systems  to  beta  test  situations.  From  the  interviews  INPUT 
conducted,  it  would  appear  that  there  is  gathering  momentum  to  use  the 
Internet  for  the  transmission  of  EDI  documents. 


Exhibit  IV-19 

EDI  Activities  over  the  Internet 


Sector 

EDI  Transactions 

Status 

Participants 

Education 

Transcripts  and  related 
documentation 

Production 

Universities  and  colleges,  such  as  the 
University  of  Texas 

Research  Libraries 

Subscription  and 
Purchase  Publications 
Orders  and  Payments 

Partial 
Production 

Universities,  Colleges  and  Corporations, 
such  as  U.C.  Berkeley 

Government 

Requests  for  Quote 
Purchase  Orders 
Contract  Awards 
Invoicing 

Payments 

Production 
Production 
Production 
Testing 

Testing 

Government  agencies,  LLNL,  and  VANs 

Government  agencies,  LLNL,  and  VANs 

Government  agencies,  LLNL,  and  VANs 

Government  agencies,  LLNL,  and  VANs, 
FedEx 

Government  agencies,  LLNL,  VANs,  Bank  of 
America,  Banc  One 

Commercial 

Purchase  Orders 

Production 

AVEX,  National  Semiconductor,  NASA 

Retail  Industry 

Sales  Statistics  and 
Forecasts 

Testing 

Textile  industry  and  Idaho  National 
Engineering  Laboratory 

Contract  Servicing 
Industry 

Product  Service,  Claims 
and  Work  Orders 

Testing 

Hardware  contract  service  companies 

Source-.INPUT 

The  respondents  acknowledged  that  security  and  confidence  of  delivery  are 
prime  concerns  (where  security  mechanisms  are  not  in  place).  However,  they 
unanimously  feel  that  the  security  solutions  currently  available  are  adequate 
for  their  purposes  and  that  proper  systems  design  overcomes  the  issue 
surrounding  uncertainty  of  delivery  on  the  Internet. 

As  the  interviews  indicated,  the  participants  took  different  approaches  to 
security.  For  example,  the  payments  pilot  at  LLNL  with  Banc  One  and  Bank 
of  America  uses  public  key  encryption,  with  digital  signature,  while  the 
textile  industry  project,  where  no  security  is  used,  relies  on  the  software  to 
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ensure  complete  delivery  of  the  data  through  timing  and  confirmation 
verification  steps. 

Exhibit  IV-20  lists  the  issues  that  are  most  ofi;en  cited  as  reasons  not  to  use 
the  Internet  for  EDI,  and  how  the  participants  addressed  them. 


Exhibit  IV-20 

Issues  of  EDI  over  the  Internet 


issue 

Resolution 

Security  of  the  Data 

Templar,  PEM,  S/MIME 

Authentication  of  Sender 

SMTP  authentication  of  "From" 
Public  Key  /  Digital  Signature 
Templar 

Assurance  of  Delivery 

Software  redundancy, 

Timing  cycle  for  receipt  of  confirmation 
message 

Templar 

Source:  INPUT 


INPUT  found  that  the  primary  problem  these  participants  face  is  that  there 
is  a  user  perception  that  the  Internet  is  neither  reliable  nor  secure.  The 
project  experiences  to  date  indicate  that  it  is  possible  to  transact  EDI  over 
the  Internet,  and  to  do  so  successfully,  notwithstanding  these  issues. 

Another  proposed  approach  to  exchanging  EDI  transaction  sets  is  to  use  FTP, 
or  file  transfer  protocol.  Although  this  protocol  can  address  the  security  and 
timeliness  issues,  it  imposes  additional  application  software  requirements 
and  a  higher  level  of  resource  management  at  both  ends  of  the 
communication.  The  company  that  is  maintaining  the  EDI  FTP  site  would 
also  be  responsible  for  maintaining  the  trading  partners,  and  issuing  and 
refreshing  passwords  and  ID  codes. 
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Exhibit  IV-21  details  the  security  strategy  for  Internet  EDI  initiatives  from 
Exhibit  IV-19. 


Exhibit  IV-21 

Security  Strategies  for  Internet  EDI  Implementations 


Sector 

EDi  Transactions 

Security  Level 
Implementation 

Education 

Transcripts  and  related 
documentation 

Clear  Text 

Research  Libraries 

Subscription  and  Publications 
Purchase  Orders  and 
Payments 

Secure 

Government 

Requests  for  Quote 

Clear  Text 

Purchase  Orders 

Clear  Text 

Contract  Awards 

Clear  Text 

Invoicing 

Secure 

Payments 

Secure 

Commercial 

Purchase  Orders 

Clear  Text  and  Secure 

Textile  Industry 

Sales  Statistics  and  Forecasts 

In  the  future 

Contract  Servicing 
Industry 

Product  Service,  Claims  and 
Work  Orders 

Testing 

Source:INPUT 

In  all  cases,  the  surveyed  participants  ranked  their  reasons  for  using  the 
Internet.  These  included: 


•  Cost  reduction — The  volumes  of  data  that  are  involved  in  each  of  these 
initiatives  is  considerable.  The  cost  to  establish  these  initiatives  over  a 
VAN  would  have  been  prohibitive.  In  one  project,  the  estimated  savings 
over  a  three-year  period  are  projected  to  be  $1.5  million. 

•  Speed  and  timeliness  of  communications — In  many  applications  there  is  a 
need  to  send  data  in  near  real-time.  To  achieve  these  goals  would  be 
prohibitively  expensive  if  a  VAN  were  used,  due  to  the  cost  of  operating  a 
dedicated  line.  INPUT's  survey  found  that  the  majority  of  the 
participants  had  already  installed  high-bandwidth  connections  to  the 
Internet,  such  as  T-1  and  T-3  lines.  Thus,  it  was  a  simple  matter  of 
implementing  the  appropriate  EDI  software. 
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•  Reliability — Reliability  is  an  important  issue  for  time-sensitive  documents 
such  as  payment  instructions.  While  acknowledging  the  fact  that  the 
distributed  nature  of  Internet  resources  can  be  problematic,  the 
respondents  have  not,  through  the  practical  experience  of  these  projects, 
found  there  to  be  any  significant  problems  with  reliability  of  delivery. 

Participants  fully  intend  to  expand  the  number  of  trading  partners  that 
connect  via  the  Internet.  As  experience  with  the  Internet  grows,  they  will 
initiate  the  migration  of  trading  partners  from  VANs  to  the  Internet  over  the 
next  four  to  five  years.  The  primary  reasons  for  this  are  cost  effectiveness  of 
Internet  technology  and  the  Internet's  ease  of  use. 

Issues  of  security  and  delivery  are  paramount  in  many  users'  minds. 
However,  INPUT'S  survey  found  that,  in  the  commercial  application  of  EDI 
over  the  Internet,  users  that  report  sending  EDI  data  in  the  clear  have  found 
no  problem  with  this  approach.  Further,  authentication  of  the  sender  was 
accomplished  by  examining  the  "From:"  field  in  the  message  envelope. 

Even  though  INPUT  believes  that  this  is  not  the  most  secure  means  of 
authentication,  as  it  is  easy  for  an  attack  to  be  made  on  the  mail  envelope, 
there  are  situations  in  which  security  is  not  a  concern  and  users  are 
experiencing  no  problems.  INPUT  believes  that  this  approach  is  too  risky  for 
sending  pajonent  instruction  messages,  however, 

2.    Case  Studies 

a.    Lawrence  Livermore  National  Laboratory  and  Bank  of  America 

This  EDI  pilot  involves  payment  instruction  from  LLNL  to  the  BoA  based  on 
approved  FedEx  invoices  processed  by  LLNL.  The  mechanism  involves  the 
encrypting  of  an  E-mail  message  that  contains  the  EDI  payment  instruction 
(X12-820).  The  pilot  involves  about  10  freight  carriers,  like  FedEx,  fi-om 
whom  LLNL  receives  over  30  invoices  per  week. 

The  principal  reason  for  this  effort  is  cost  reduction.  Also,  BoA,  Banc  One, 
and  LLNL  expect  that  this  effort  will  prove  that  Internet-based  EDI  is 
secure,  reliable  and  convenient.  By  using  public  key  encryption  and  digital 
signatures,  non-repudiation  of  the  transaction  is  achieved.  LLNL  estimates 
that  this  will  cut  communications  cost  by  over  25%  and  achieve  better,  on- 
time  performance. 

A  high  level  of  security  is  achieved  by  placing  limits  on  the  length  of  time 
passwords  remain  usable.  By  implementing  this  approach  along  with  an 
electronic  confirmation  process,  the  participants  believe  that  the  exposure  to 
a  hacker's  attempts  is  greatly  reduced. 
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b.  Banc  One-RoweCom 

Banc  One  and  RoweCom  have  collaborated  to  provide  university  and 
corporate  research  libraries  with  an  integrated  ordering  and  payment  system 
that  operates  on  the  Windows  platform.  RoweCom,  as  a  broker  for  a  wide 
variety  of  book  and  magazine  publishers,  has  developed  a  GUI  frontend  that 
lets  the  librarians  choose  the  books  and  publications  required.  Upon 
completion,  a  payment  instruction  message  (820)  is  constructed  listing  the 
items  purchased  and  including  the  numeric  identifier  of  the  purchasing 
library.  Security  is  achieved  through  SSL  between  the  front-end  software 
and  the  Open  Market  server.  The  message  is  also  digitally  signed  using  a 
132-bit  key. 

The  message  is  sent  via  the  Internet  to  Open  Market's  Merchant  Solution, 
where  the  order  is  validated  as  being  from  a  certified  purchaser.  The  order 
data,  the  same  820,  is  passed  onto  RoweCom  and  Banc  One  for  execution.  At 
Banc  One,  the  numeric  identifier  is  used  to  build  the  payment  clearance 
information. 

At  present,  10  to  15  libraries  and  two  or  three  publishers  are  involved,  with  a 
full  roll-out  to  start  in  February  1996.  To  date,  transaction  volumes  have 
increased  to  one  million  orders.  RoweCom  expects  to  clear  up  to  eight  million 
orders  in  1996.  The  next  phases  will  involve  the  claims  process  for  lost  issues 
or  replacement  books  and  the  fulfillment  process. 

Banc  One  and  RoweCom  chose  the  Internet  because  their  client  base  was 
already  Internet  capable  and  cost  conscious. 

c.  Victor-Dana 

Victor-Dana  is  an  automotive  industry  supplier.  It  is  using  the  Internet  to 
communicate  with  its  suppliers.  The  decision  to  use  the  Internet  was  based 
on  the  need  for  immediate  connectivity  between  manufacturing  systems. 
Victor-Dana  is  receiving  Advanced  Ship  Notices  (856)  and  sending  out 
Planning  Schedule  and  Release  (832)  messages.  So  far,  this  is  being  done 
with  two  trading  partners,  with  a  volume  of  500  messages  per  month. 

As  security  in  these  messages  is  a  minimal  requirement,  the  EDI  messages 
are  left  in  the  clear,  within  the  SMTP  envelope.  MIME  attachments  are  not 
being  used.  When  delivery  of  the  message  is  not  assured,  a  print  image  file  is 
created  and  faxed  to  the  supplier.  For  large,  binary  CAD  files,  Victor-Dana 
and  its  suppliers  are  using  FTP.  The  current  plan  is  to  expand  the  number  of 
trading  partners  and  to  implement  other  EDI  transaction  sets,  such  as  the 
Test  Results  message  (863). 

Victor-Dana  is  using  the  Internet  due  to  the  lower  cost  of  transferring  large 
binary  files,  and  to  the  timeliness  of  delivery. 
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3.  Summary 

INPUT  concludes  that  the  lowcost  and  flexibihty  of  the  Internet  has  opened 
new  avenues  of  technology  to  meet  business  needs.  Commercial  and 
government  organizations  that  have  examined  the  enabling  technologies  of 
the  Internet  have  concluded  that  it  is  a  viable  business  communications 
medium.  However,  the  applications  involved  are  not  necessarily  typical,  so 
these  conclusions  are  not  to  be  too  generally  applied. 


Anticipated  Evolution 

Exhibit  IV-22  lists  INPUT'S  view  of  the  anticipated  evolution  of  this  market 
sector. 


Exhibit  IV-22 

Anticipated  Evolution 


•  ISPs  upgrade  value-added  services 

•  EDI  translator  -  WWW  server  integration 

•  Closer  supplier-customer  ties  enabled 


Source:  INPUT 

Internet  service  providers  (ISPs)  do  not  have  the  service  and  support 
infrastructure  that  the  VANs  have.  Nor  does  SMTP  have  all  of  the  message 
acknowledgment  capabilities  that  closed  electronic  mail  systems,  such  as 
AT&T  Easyhnk  or  cc:Mail,  have. 

These  service  and  support  issues  are  being  addressed  as  ISPs  such  as 
UUNET,  Netcom  and  PSI  gain  size  and  funding  to  be  better  positioned  to 
provide  truly  national  customer  service.Also  a  draft  update  to  the  SMTP 
standard  has  been  published  that  addresses  the  acknowledgment  capability. 

The  future  is  clearer  for  the  EDI  translation  software  companies.  With  the 
significant  increase  in  the  number  of  companies  doing  EDI  over  the  Internet, 
there  will  be  a  similar  increase  in  demand  for  translation  software.  However, 
this  demand  will  only  be  addressable  by  those  vendors  who  make  their 
software  Internet  capable. 

INPUT  concludes  that  EDI  software  will  be  seen  more  rarely  as  a  stand-alone 
process,  and  more  frequently  as  a  built-in  process  as  client  server  technology 
spreads. 

EDI  on  the  Internet  will  increase  as  companies  come  to  better  understand  the 
business  model  that  underpins  it.  Standards  for  security,  assurance  of 
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delivery  and  the  time-sensitive  nature  of  the  Internet  will  be  the  prime 
factors  that  will  encourage  commercial  and  other  organizations  seriously  to 
evaluate  the  role  of  the  Internet  as  a  carrier  of  EDI  transaction  data. 

Over  the  past  few  years,  just-in-time  manufacturing  and  inventory 
management  has  become  widely  implemented.  This  has  engendered  closer 
business  relationships.  The  next  step  is  for  businesses  to  use  the  Internet  to 
make  each  other's  manufacturing,  or  sales  and  inventory  systems  visible  to 
each  other's  application  systems.  This  could  be  accomplished  by  extending 
the  capabilities  of  the  current  automated  systems  to  include  the  ability  to 
format  and  send  out  an  EDI  message,  secured  according  to  Internet 
standards. 

input's  survey  reveals  a  high  degree  of  interest  in  using  the  Internet  to 
close  the  cycle  of  resource  acquisition  and  payment.  The  resolution  of  user 
perceptions  concerning  Internet  reliability  and  security,  and  the 
establishment  of  standards  that  developers  can  write  to,  will  further 
encourage  the  growth  of  electronic  commerce  over  the  Internet. 
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Commerce  Over  the  World  Wide 
Web 


This  chapter  examines  electronic  commerce  activity  over  the  World  Wide 
Web.  It  discusses  how  electronic  commerce  is  supported  by  WWW  software 
vendors,  the  experiences  of  vendors  on  the  WWW,  and  the  payment 
mechanism  alternatives  that  are  available  to  buyers  of  goods  and  services. 

•    INPUT  interviewed  eight  Web  server  vendors,  such  as  Open  Market, 
SpyGlass  and  Frontier  Technologies,  and  14  organizations  that  market 
through  Web  servers,  such  as  CDNow,  the  Internet  Shopping  Network 
and  Branch  Mall. 


Business  Environment 

To  date,  the  WWW  has  seen  consumer-oriented  commerce  predominate. 
Over  the  next  five  years,  INPUT  forecasts  that  business-to-business 
commerce  will  become  dominant  over  the  WWW.  This  is  discussed  in  detail 
in  a  companion  report  by  INPUT,  Electronic  Catalogs,  Web  Storefronts  and 
Internet  Malls.  The  commercial  activities  on  the  Internet  parallel  those  of 
the  television  shopping  networks,  the  800  telephone  number  sales  medium, 
and  the  electronic  malls  of  on-line  services,  such  as  CompuServe. 

Today,  over  30  million  users  have  access  to  the  Internet.  This  represents 
significant  potential  for  electronic  commerce  applications.  With  close  to 
100,000  domains  available  worldwide,  the  quantity  of  information,  goods  and 
services  is  vast,  opening  up  commercial  opportunities  for  the  sale  and 
distribution  of  this  information. 

As  an  example  of  the  opportunities  for  sales  growth  and  the  heightening  of 
organizations'  profiles,  on-line  book  stores  have  found  great  success  on  the 
Internet.  Additionally,  smaller  businesses  such  as  Virtual  Vineyards  have 
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been  able  to  contact  their  customers  more  easily  and  to  provide  their 
customers  with  better  service. 

input's  survey  found  four  issues  that  Web  server  vendors  and  Web-based 
vendors  face  in  their  efforts  to  promote  electronic  commerce  on  the  WWW: 

•  The  user  perception  that  the  Internet,  and  by  extension  the  WWW,  lacks 
adequate  security 

•  Enhancement  of  server  and  browser  software  performance  in  areas  such 
as  graphic  file  downloads 

•  Extended  features  for  Web  sites  and  back  offices,  such  as  integration  with 
in-house  application  systems 

•  Technologies  and  strategies  that  vendors  on  the  Web  can  use  to 
distinguish  themselves  from  other  sites  so  that  they  can  maintain  a 
competitive  edge  and  retain  their  customers 

B  

Web  Server  Vendors 

Companies  that  have  a  presence  on  the  WWW  are  becoming  more 
sophisticated.  It  is  no  longer  sufficient  to  be  on  the  WWW,  but  now  it  is 
increasingly  important  to  be  seen  to  be  accomplishing  something  with  that 
presence. 
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In  response  to  these  changing  expectations,  Web  server  vendors  are 
implementing  new  capabihties  and  features.  Exhibit  V-1  shows  the  major 
Web  server  vendors,  and  Exhibit  V-2  shows  the  new  features  being 
implemented.  Those  in  Exhibit  V-2  -  Group  II  will  support  and  enhance  the 
ability  to  conduct  electronic  commerce  over  the  WWW. 


Exhibit  V-1 

Web  Server  Vendors 


•  Open  Market 

•  Spyglass 

•  O'Reilly  and  Associates 

•  Netscape 

•  Frontier  Technologies 

•  The  Internet  Factory 

•  IBM 

•  Process  Software 


Source:  INPUT 

1.    Vendor  Strategies 

The  Web  server  industry  is  young,  having  only  started  in  1991  when  the 
HTTP  and  HTML  protocols  were  released  at  CERN  in  Switzerland.  By  mid- 
1993,  the  first  version  of  the  Mosaic  browser  was  released.  In  the  ensuing 
two-and-a-half  years,  the  browser  market  has  seen  many  changes  and 
additions  to  the  feature  set,  along  with  enhancements  to  the  performance  of 
the  server  and  browser  software. 

In  their  initial  release,  the  browsers  made  it  easier  to  access  information 
pages  put  up  on  the  Internet  by  researchers  and  academicians  using 
HTTP/HTML  protocol  and  formatting  standards.  Now  they  are  supported  by 
add-on  software,  supporting  digital  cash,  scripting  languages  and  animation, 
for  example. 
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Exhibit  V-2  lists  some  of  the  features  that  the  Web  server  vendors  have 
implemented  to  date  (Group  1),  and  those  that  are  now  being  developed 
(Group  2). 


Exhibit  V-2 

Evolution  of  Web  Server  Features 

Group  I  -  Recently  Released 

•  Access  HTML  pages 

•  Allow  for  bookmarks 

•  Allow  for  list  creation 
Group  II  -  For  Future  Release 

•  Full  development  suite 

•  Integration  API  beyond  CGI 

•  EDI  integration 

•  Security  and  Commerce  Protocol  support 

Source:  INPUT 

Typically,  technology  developments  move  through  three  discrete  phases: 

•  Proof  of  concept 

•  Feature  enhancement  and  extension 

•  Market  maturity 

It  is  useful  to  track  the  development  of  server  and  browser  technology 
through  these  phases.  The  industry  has  not  yet  arrived  at  the  characteristic 
step  of  consolidation  that  marks  the  market  maturity  phase. 

2.    Technology  Development  Phases 

a.  Phase  I — Proof  of  Concept 

In  Phase  I,  the  developers  of  the  WWW  browsers  concentrated  on  improving 
upon  the  initial  Mosaic  design,  such  as  adding  in  features  for  bookmarking 
(the  process  of  saving  in  a  local  file  a  Web  page's  unique  address  or  URL), 
custom  hot  list  creation  and  faster  graphic  file  downloads.  Though  these 
efforts  did  not  address  security  or  performance  enhancements,  they  were  very 
successful  in  proving  the  WWW  concept  to  users. 

b.  Phase  11^ — Feature  Enhancement  and  Extension 

When  Netscape  Navigator  was  released  in  the  fall  of  1994,  it  included  a 
technology  called  Secure  Sockets  Layer  (SSL).  SSL,  for  the  first  time, 
allowed  Web  site  managers  (Webmasters)  to  secure  commercial  transactions 
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over  the  Web.  Up  to  that  point,  security  over  the  WWW  had  not  been 
addressed. 

Additionally,  the  market  has  seen  the  release  of  progressively  smarter  and 
faster  servers  and  browsers.  This  has  enabled  sales-oriented  Web  sites  to 
become  more  creative  in  their  content.  For  example.  Open  Market's 
Merchant  Solution  extended  the  breadth  of  a  server's  technical  capabilities 
for  commercial  transactions  by  integrating  a  number  of  previously  separate 
services. 

During  1995  there  were  a  number  of  protocol  proposals  for  securing 
commercial  transactions  in  response  to  strong  user  demand  for  secure, 
commerce-grade  products.  A  companion  report  from  INPUT,  Electronic 
Catalogs,  Web  Storefronts  and  Internet  Malls,  studies  these  developments 
closely. 

INPUT  also  found  great  interest  in  the  application  of  Web  server  technology 
for  purposes  such  as  information  distribution,  timely  updates  of  financial  or 
procedural  data,  and  the  execution  of  electronic  auctions.  To  support  these 
developments,  Web  server  and  browser  vendors  are  addressing  the  features 
enhancement  phase  in  these  five  areas: 

i.     Full  Development  Suite 

Businesses  want  to  establish  themselves  on  the  WWW  quickly  and  easily.  In 
order  to  do  so,  they  need  a  tightly  coordinated  toolset  with  which  to  work. 
This  toolkit  would  contain  a  CGI  scripting  tool,  HTML  authoring  tool, 
database  integration  tool  and  an  imagemap  development  tool.  These  four 
tools,  combined  in  a  seamless  manner,  can  greatly  simplify  the  effort  of 
building  a  Web  site. 

Today,  these  tools  are  standalone  add-ons  that  consume  resources,  require 
configuration  and  often  are  highly  technical  in  nature.  Products  such  as 
Softquad's  HoTMetaL  Pro,  and  Corel's  Draw  program  are  examples  of  these 
products. 

There  is  also  an  add-on  market  for  integration  tools.  Companies  such  as 
Spider  Technologies  and  Vermeer  Technologies  have  released  products  that 
support  advanced  publishing  capabilities. 

An  alternative  to  this  full  suite  offering  is  to  provide  vendors  on  the  Web  with 
access  to  a  central  service  bureau.  The  central  service  bureau  is  a  suite  of 
back-office  processes  that  includes  applications  software  to  handle  security, 
EDI,  credit  card  clearances,  inventory  and  catalog  maintenance.  This 
approach  is  being  offered  by  Open  Market,  and  by  two  of  the  EDI  VANs,  as 
part  of  their  managed  Internet  services  offerings  (AT&T,  IBM  Global 
Network).  This  "for  fee"  approach  will  be  attractive  to  vendors  who  prefer  to 
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outsource  the  back-office  operations  of  their  Websites,  allowing  them  to 
concentrate  on  attractive  and  successful  content.  The  service  fee  range  is 
from  $0.50  to  $1.00  per  transaction. 

iL    CGI  Replacement 

Web  software  vendors  are  also  developing  generic  integration  APIs.  These 
will  co-exist  with,  or  replace,  Common  Gateway  Interface  (CGI)  scripts.  The 
CGI  connects  an  HTML  form  and  its  contents  with  a  background  process  that 
executes  a  user  request.  Spyglass,  Microsoft  and  Netscape  have  been  active 
in  developing  alternatives  to  CGI  that  are  easier  to  use  and  more  flexible. 
Microsoft  is  developing,  as  part  of  its  Blackbird  project,  an  API  called 
Internet  Services  API  (ISAPI),  and  Netscape  has  released  Netscape  API 
(NSAPI). 

In  input's  view,  the  development  of  open,  documented,  industrial-strength 
APIs  will  further  the  growth  in  the  commercial  use  of  the  WWW  by  helping  to 
simplify  the  commercialization  process. 

Hi.  EDI  Integration 

In  the  execution  of  a  commercial  transaction  on  the  WWW,  the 
communication  between  the  user  and  the  browser  does  not  require  EDI 
software  or  protocols.  However,  the  back-end  fulfillment  process  for  that 
transaction  will  require  EDI,  or  similar  functionality.  For  example,  a  shop 
that  is  selling  hard  goods  such  as  radios  and  stereos  does  not  actually  have 
the  inventory  on  hand.  It  provides  its  supplier  with  the  delivery  and  sales 
details.  If  this  is  based  on  paper,  then  the  vendor  is  eating  into  its  profits.  If 
the  authorized  sale  were  instead  formatted  to  the  EDI  standard  protocols, 
then  the  exchange  of  information  with  the  supplier  would  be  more  reliable, 
more  timely  and  at  a  lower  cost. 

Web  server  vendors,  such  as  Open  Market  and  SpyGlass,  are  in  current 
discussions  with  EDI  software  developers,  such  as  Premenos  and  St.  Paul 
Software,  as  to  how  this  functionality  can  be  built  into  Web  server  software. 

iv.    Security  and  Commercial  Protocols 

To  enable  security  on  the  WWW,  the  Web  server  vendors  are  addressing  the 
issue  fi-om  two  perspectives:  transport  security  and  data  security.  For  both 
of  these,  there  are  competing  protocol  proposals. 

•    For  transport  security,  there  is  Secure  Sockets  Layer  (SSL)  from  Netscape 
and  Private  Communications  Technology  (PCT)  from  Microsoft 
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•    For  data  security,  Netscape  and  MasterCard  propose  the  Secure 

Electronic  Payment  Protocol  (SEPP),  and  MicrosoftA^isa  propose  Secure 
Transaction  Technology  (STT)  (In  January  1996,  Visa  and  MasterCard 
announce  that  they  will  develop  a  joint  standard,  but  no  draft  has  been 
made  public.) 

input's  survey  has  found  that  the  Web  server  vendors  are  pragmatic  when 
faced  with  multiple  protocols.  While  neither  of  the  proposals  is  yet  a 
standard  for  either  of  the  security  layers,  the  protocol  proposals  have  been 
published.  In  the  interests  of  responding  to  the  demands  for  secure  servers, 
the  Web  server  vendors  intend  to  support  both  of  the  proposed  protocols 
within  each  layer. 

V.     Performance  Enhancement 

The  primary  approach  implemented  by  Web  software  vendors  to  address 
performance  issues  has  been  to  introduce  caching  techniques  to  the  client 
(browser)  software.  The  caching  technique  works  on  the  basis  of  saving  the 
most  recent  set  of  Web  pages  that  the  user  accessed.  The  next  time  the  user 
visits  the  same  site,  the  Web  page  is  loaded  more  quickly  because  the  browser 
is  accessing  the  "cached"  local  file.  However,  the  downside  of  this  approach  is 
that  if  the  Web  site  changes  frequently,  the  user  will  still  have  to  poll  or 
reload  from  that  Web  site  in  order  to  stay  current. 

Another  area  of  performance  enhancement  being  investigated  deals  with  the 
technology  underl5ring  the  search  engines  that  Web  servers  use.  When  a  user 
is  looking  for  local  information,  a  well-designed  search  engine  will  perform 
quickly  and  accurately.  Verity's  search  engine  is  currently  the  market  leader. 
It  is  being  licensed  into  the  server  products  from  such  companies  as  Netscape 
and  Oracle. 

c.    Phase  III — Market  Maturity 

The  commercial  WWW  marketplace  for  product  and  services  has  not  yet 
reached  the  market  maturity  phase.  It  is  expected  to  reach  maturity  within 
the  five-year  forecast  period. 

3.    Market  Forecast 

Prices  for  commercial  Web  servers  are  falling.  Recent  price  cuts  by 
companies  like  Netscape  serve  notice  that  there  is  increasing  competition. 
More  firms  are  entering  the  Web  server  marketplace,  including  Oracle,  which 
are  marketing  OEM  server  products. 

INPUT  found,  during  its  interviews  with  Web  server  vendors,  that  they 
believe  that  the  implementation  of  secure  protocols  will  generate  significant 
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market  growth.  This  is  in  spite  of  the  fact  that  there  are  multiple  alternative 
protocols. 

The  U.S.  market  forecast,  as  shown  in  Exhibit  V-3,  shows  six  times  the 
revenues  for  1996,  and  two  and  a  half  times  for  1997.  Thereafter,  the  growth 
rates  will  retreat  to  more  sustainable  levels. 


Web  Server  and  Web  EDI  Market  and  Forecast 


1995 

1996 

1997 

1998 

1999 

2000 

1995-2000 

($M) 

($M) 

($M) 

($M) 

($M) 

($M) 

CAGR% 

Web  server  software 

110 

670 

1660 

2080 

3300 

3600 

101% 

EDI  SA/V  Sales  to  Web  vendors 

0 

1 

10 

45 

95 

180 

N/A 

Source:  INPUT 


There  has  been  no  breakout  of  security  software  to  support  Web  servers  or 
secure  versions  of  servers  because  the  Web  server  vendors,  such  as  SpyGlass, 
Frontier  Technologies,  and  Open  Market  (though  not  yet  Netscape),  now 
regard  the  inclusion  of  secure  services  as  a  standard  feature  of  their  server 
products. 

Exhibit  V-3  also  shows  the  potential  sales  of  EDI  software  to  the  Web  server 
vendors.  In  order  to  conduct  commerce  over  the  Web,  the  Web  servers  must 
be  connected  to  the  legacy  systems  that  will  ensure  fulfillment  of  the  orders 
taken  by  the  servers.  Although  EDI  is  a  technology  capable  of  filling  this 
role,  and  EDI  software  vendors  are  actively  pursuing  the  opportunity  now 
with  Web  server  vendors,  there  still  remains  the  possibility  that  the  Web 
server  industry  will  take  its  own  separate  path  for  fulfillment,  not  involving 
EDI. 
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4.    Value  of  Goods  and  Services  Traded  Over  the  WWW 

The  worldwide  value  of  goods  and  services  traded  over  the  WWW  is  examined 
in  detail  in  a  companion  report,  Electronic  Catalogs,  Web  Storefronts  and 
Internet  Malls. 

The  current  situation  and  forecast  for  1995-2000  is  shown  in  Exhibit  V-4. 


Exhibit  V-4 

Value  of  Goods  and  Services  Traded  Over  the  WWW 


1995 
($M) 

1996 
($M) 

1997 
($M) 

1998 
($M) 

1999 
($M) 

2000 
($M) 

1995-2000 
CAGR% 

Business-to-Business  Sales 

30 

250 

1400 

6300 

32000 

1 20000 

425% 

Business-to-Consumer  Sales 

40 

190 

850 

3500 

14000 

45000 

308% 

TOTAL  G&S  SOLD  over  WWW 

70 

440 

2250 

9800 

46000 

165000 

373% 

Source:  INPUT 


c  

Vendors  on  the  WWW 

1,    Business  Environment 

There  have  been  vendors  using  the  Web  since  early  1994.  As  an  example  of 
their  experience,  the  operators  of  the  Branch  Mall  indicate  that  their  tenants 
have  a  65-70%  occupancy  renewal  rate  year  over  year.  They  believe  that 
there  is  profitable  business  to  be  transacted  over  the  WWW. 

INPUT  has  found  that  the  successful  players  are  those  that  have  bred 
consumer  loyalty.  As  an  example,  ISN  and  CDNow  have  based  their  success 
on  working  hard  to  deliver  useful  value-added  services  to  their  customers. 
CDNow  is  able  to  offer  its  clients  comprehensive  catalog  lookups  for  hard-to- 
find  music  or  video  releases.  This  kind  of  service  encourages  the 
development  of  closer  relationships  between  the  user  and  the  vendor. 

As  a  further  move  in  this  direction,  ISN,  for  example,  is  planning  to  use  the 
suite  of  protocols  and  features  soon  to  be  released  that  will  offer  Web  site 
developers  a  high  degree  of  "server  personalization."  As  a  browser  enters  the 
server's  space,  the  server  can  respond  by  delivering  a  personalized  "page"  to 
the  user.  By  working  from  a  database  of  past  purchases,  the  server  will  be 
able  to  display  discount  coupons  and  special  offers  on  items  related  to  those 
prior  purchases. 

INPUT  found,  based  on  discussions  with  vendors  such  as  ISN,  CDNow  and 
AT&T,  and  research  for  the  report  Electronic  Catalogs,  Web  Storefronts  and 
Internet  Malls  that  typical  spending  ranges  were  from  $37  to  $300  per 
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purchase.  ISN  reports  about  275,000  visits  per  month  with  a  purchase  rate 
of  3%.  This  comes  to  monthly  revenues  of  $725,000.  Note  that  the  3%  "buy 
rate"  is  consistent  with  the  experiences  of  the  direct  mail  sales  industry. 

In  November  1995,  AT&T  Easv  World  Wide  Web  Services  announced  a 
strategy  to  provide  managed  Internet  services  for  organizations  interested  in 
establishing  an  Internet  presence.  In  a  survey  of  its  1-800  number  customer 
base,  AT&T  found  that  over  60%  are  very  interested  in  offering  Internet 
services.  Published  statistics  show  that  the  average  1-800  number  purchase 
is  about  $75.  Based  on  a  conservative  45%  take-rate  among  the  1,000,000  1- 
800  number  service  subscribers,  this  translates  into  a  projected  sales  volume 
of  over  $33,000,000.  The  roll-out  through  1996  will  have  an  important 
impact  on  the  marketplace's  credibility  with  purchasers.  Bearing  in  mind 
that  AT&T  has  a  credit  card  division  to  assist  in  payment  clearances,  it  will 
also  lend  credibility  to  the  security  of  the  Internet. 
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Exhibit  V-5  lists  a  representative  sample  of  the  types  of  companies  that 
maintain  an  Internet  presence  and  have  enjoyed  sales  success.  Some  of  these 
do  not  support  on-line  payment  settlement.  The  principal  reason  appears  to 
be  lack  of  back-office  mechanisms  to  support  credit  card  clearance. 


Exhibit  V-5 

Representative  Vendors  on  the  WWW 


Vendor 

Market 

Secure  Transactions? 

Virtual  Vinevards 

Wine  and  Suoolies 

Yes 

HNR  Computers 

Hardware  and  Software 

Duthie  Books 

Books 

Home  Automation 
Systems 

Automatic  Control  Svstems 

*                   ill       LI  \^           \y  I  III  \y  1            y  \^  \       1  i 

The  Internet  Mall 

Store  Mall 

Yes 

Movie  Fone 

Cinema  Tickets 

Yes 

Shop-On-Line 

Catalog 

OzNet 

Store  Mall 

Yes 

Internet  Shopping 
Network 

Catalog 

Yes 

CDWorld 

Music  World 

Yes 

NECX 

Catalog 

Branch  Mall 

Store  Mall 

Yes 

CDNow 

Music  Store 

Yes 

PAWWS 

Securities 

Source:  INPUT 
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2.  Vendor  Sites 

a.  CDNow 

CDNow,  based  in  Pennsylvania,  enjoyed  very  good  success  in  1995  by 
following  a  simple  formula:  give  the  consumer  options,  whether  they  be 
related  to  product  selection  or  payment.  This  has  built  the  customer  loyalty 
that  CDNow  has  found  to  be  an  important  factor  in  its  success  to  date.  While 
price  is  certainly  one  reason  for  a  consumer  to  buy  electronically,  a  well- 
organized  WWW-based  vendor  like  CDNow  can  provide  a  value-added  service 
that  a  'real-world'  vendor  can  not.  It  offers  quick  and  responsive  access  to  a 
manufacturer's  database  of  all  the  products  in  its  catalog.  This  value-added 
process  has  helped  CDNow  achieve  a  successful  retention  rate  of  its  visitors 
for  further  business  and  service  development. 

Regarding  payments,  CDNow  has  had  few  inquiries  from  its  customers  about 
the  security  of  their  credit  card  information.  In  fact,  a  significant  number  of 
them  send  their  credit  card  information  "in  the  clear"  (i.e.,  unencrypted). 

b.  Internet  Shopping  Network 

As  an  Internet  version  of  the  Home  Shopping  Network,  ISN  has  found 
success  with  the  same  formula  that  HSN  uses:  provide  the  purchaser  with  a 
wide  range  of  choices  at  competitive  prices.  ISN  has  found  that  it  is  very 
important  to  keep  user  interest  high  and  to  keep  the  revisit  rate  as  high  as 
possible. 

To  address  these  two  issues,  ISN  is  looking  forward  to  the  next  generation  of 
Web  server  tools  and  document  standards  that  will  allow  it  to  provide 
additional  values,  such  as  discount  coupons.  ISN  has  identified  speedier 
credit  card  authorizations  and  closer  electronic  links  with  its  suppliers  as 
important  back-office  processing  issues  that  will  be  addressed  in  1996. 

3.  WWW  Hosting  Services 

Companies  can  outsource  the  management  of  their  sites  to  a  WWW  Hosting 
Service  offered  by  the  likes  of  AT&T,  IBM,  Sterling  Software  and  Harbinger. 
These  provide  companies  with  a  secure  means  of  establishing  a  WWW 
presence  as  an  add-on  to  their  VAN  services. 

Web  hosting  services  leverage  the  technical  and  support  organizations  that 
the  VANs  have  established.  By  having  this  service  provided  by  the  VAN,  the 
user  company  retains  access  to  the  support  and  technical  infrastructure  of 
the  VAN.  As  documented  in  Chapter  IV  of  this  report,  users  have  indicated 
that  this  is  important  to  them. 
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Exhibit  V-6  lists  the  VANs  that  are  active  in  this  area,  and  the  services  they 
have  announced  to  support  companies  and  organizations  that  want  an 
Internet  presence. 


Exhibit  V-6 

Representative  WWW  Hosting  Services 


Value-Added  Network 

Service 

Characteristics 

IBM  Global  Network 

Web  Sites  Authoring 

PinH  ^iinnnrt 

ClI  l\J  I 

Worldwide  network 

Sterling  COMMERCE:Network 

Web  Sites  Authoring 
and  Support,  and  Back- 
Office Integration 

Integration  with 
current  EC  network 
services 

AT&T  Easv  World  Services 

Web  Sites  Authoring 
and  Support,  and 
Payment  Clearance 

Worldwide  network 
and  dispute 
resolution  services 

Harbinger  Net  Services 

Web  Sites  Authoring 
and  Support 

Low  cost  and 
experience  in 
working  with  small 
and  medium-sized 
businesses 
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Exhibit  V-7  shows  how  the  WWW  Hosting  service  relates  to  a  VAN's  EDI 
offering,  which  is  provided  through  the  VAN's  data  center.  VANs  also 
envisage  offering  their  clients  the  capability  to  link  these  Web  sites  to  their 
back-office  operations,  as  well  as  to  the  payment  clearance  system. 


Exhibit  V-7 

VAN-based  WWW  IHosting  Services 


WEB  FARM 
(Numerous 
Servers) 


VAN 
DATA 
CENTER 
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4.    Back-Office  Integration 

As  noted  earlier,  INPUT'S  survey  identified  the  Web-based  vendors'  concerns 
about  the  back-office  processes  that  support  their  activities  on  the  Internet. 
In  general,  the  vendors'  fulfillment  processes  with  their  suppliers  are  paper 
or  telephone  based.  Their  objective  for  1996  is  to  automate  these  back-end 
processes,  as  well  as  the  credit  card  verification  process,  fully.  To  do  so,  they 
need  to  be  able  to  connect  their  HTML  forms  easily  to  the  databases  and 
applications  that  support  their  internal  operations. 

For  example,  when  a  user  places  an  order  on  a  vendor's  Web  page,  the  data  is 
captured  by  the  HTML  form  and  passed  to  a  CGI  script  for  processing.  At  the 
moment,  this  means  the  order  data  is  often  printed  onto  paper  and  manually 
rekeyed  into  the  vendor's  order  entry  system.  This  increases  a  vendor's  cost 
of  operations.  If,  instead,  the  order  were  processed  directly  from  the  Web 
page  to  the  order  entry  system,  it  would  reduce  operating  costs  and  keying 
errors,  and  speed  up  the  response  time  to  the  user.  Exhibit  V-8  lists 
companies  that  are  working  on  connectivity  protocols  that  will  work  with  the 
vendors'  WWW  pages  and  the  HTML  forms  content. 


Exhibit  V-8 

Database  Vendors  Developing  WWW  Services 


Vendor 

Product 

IBM 

DB/2 

Computer  Associates 

CA-Openlngres/ICE 

Informix 

Informix 

Oracle 

Oracle 

Sybase 

System  1 1 

Microsoft 

SQL  Server 
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The  connectivity  of  these  database  products  is  important  because  it  is 
database  products  such  as  these  that  underlie  the  in-house  applications  that 
the  vendors  use  for  their  operations,  such  as  order  entry.  By  facilitating  this 
connectivity,  the  database  software  vendors  will  help  address  the  three  goals 
mentioned  above:  cost  reduction,  error  reduction  and  enhanced  time 
responsiveness. 

Similarly,  EDI  software  vendors  can  address  these  three  goals  by 
establishing  connectivity  between  their  products  and  the  Web  servers.  In 
many  cases,  the  user's  order  will  not  go  to  an  order  entry  system,  but  rather 
directly  to  the  manufacturer  of  the  good  that  was  ordered.  Thus,  it  can  be 
seen  that  EDI/HTML  form  connectivity  provides  the  Web-based  vendor  with 
a  cost-effective  means  of  handling  commercial  transactions. 
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P  

Primary  Payment  Mechanisms 

Vendors  on  the  Internet  face  a  key  problem:  how  to  secure,  and  cost- 
effectively  clear,  credit  card  payment  instructions.  While  no  serious  attack 
has  been  documented  on  credit  card  numbers  used  over  the  WWW,  users 
have  the  perception  that  there  is  a  security  problem  with  the  Internet.  The 
potential  for  problems  is  certainly  real  if  credit  card  numbers  are  sent 
without  encryption,  but  even  encryption  is  not  yet  trusted  by  the  public  at 
large,  despite  the  fact  that  experts  believe  that  the  DES  and  RSA  data 
security  schemes  are  effective  and  reliable. 

None  of  the  vendors  surveyed  reported  having  experienced  any  problems  with 
the  transmission  of  credit  cards  and  the  settlement  of  any  of  their 
transactions.  In  fact,  INPUT'S  interviews  with  vendors  such  as  ISN,  CDNow, 
and  Branch  Mall  revealed  that  a  substantial  percentage  of  on-line  purchases 
are  settled  using  credit  cards  transmitted  in  unencrypted  form,  as  shown  in 
Exhibit  V-9. 


Exhibit  V-9 

Use  of  Payment  Mechanisms 


Payment  Mechanism 

Percentage  Use 

Encrypted  On-Line  Credit  Card  Submission 

30% 

Unencrypted  On-Line  Credit  Card  Submission 

20% 

1-800  Number  Confirmation  of  Credit  Card  Number 

20% 

Other  Traditional  Means  (Mail,  Fax) 

30% 

New  Payment  Mechanisms 

Too  low  to  measure 

Source:  INPUT 


MasterCard  has  stated  that  the  $50  fraud  limit  does  not  apply  on  the 
Internet.  WWW-based  vendors,  on  the  other  hand,  have  maintained  that, 
since  the  cardholder  agreement  does  not  explicitly  exclude  use  on  the 
Internet,  the  $50  limit  does  apply.  The  credit  card  holder's  legal  liability 
would  seem  to  be  in  doubt  should  the  person  use  the  credit  card  number  over 
the  Internet.  Some  vendors,  such  as  the  Internet  Shopping  Network,  have 
stated  that  they  will  protect  the  consumer  from  such  fraud,  in  the  interest  of 
building  consumer  loyalty. 

As  Exhibit  V-9  shows,  about  fifty  percent  (50%)  of  all  sales  on  the  WWW  are 
settled  with  a  credit  card.  Twenty  percent  (20%)  of  the  total  payments 
involve  credit  card  numbers  being  sent  unencrypted.  When  asked  about  this 
behavior,  since  it  appears  contrary  to  the  reported  consumer  perception  of  the 
Internet  as  insecure,  the  vendors  stated  that  consumers  who  use  the  Internet 
are  sophisticated  and  aware  of  the  technology's  capabilities.  Thus,  they 
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generally  have  fewer  qualms  about  sending  credit  card  information  over  the 
Internet.  (INPUT  also  believes  that  many  of  those  consumers  who  have  the 
negative  perception  are  not  yet  purchasing  as  a  result.) 

"New  payment  mechanisms"  includes  the  services  of  DigiCash,  CyberCash 
and  similar  organizations.  The  share  they  enjoy  is  listed  as  "too  low  to 
measure"  because  few  of  the  Internet  vendors  yet  support  these  alternatives. 
Use  of  First  Virtual's  technology  revolves  around  the  mall  that  it  itself  set  up. 
"Other  traditional  means"  includes  faxes,  purchase  orders,  and  mailed 
checks. 

Credit  card  use  on  the  Internet  will  continue  to  grow  as  various  security 
protocol  standards  are  resolved.  MasterCard's  stated  intention  is  to  have  a 
functioning,  secure  Internet  strategy  implemented  by  April  1996.  Given  the 
low  volume  of  sales  over  the  WWW,  the  position  on  fraudulent  credit  use  that 
the  vendors  have  taken  would  appear  to  be  reasonable.  However,  INPUT 
believes  that  as  commercial  volume  grows,  WWW-based  vendors  may  take  a 
second  look  at  that  policy.  By  then,  secure  protocols  should  be  in  place 
anyway. 

E  

New  Payment  Mechanisms 

As  an  alternative  to  the  payment  approaches  noted  in  the  previous  section, 
Exhibit  V-10  lists  four  new  approaches.  The  basic  assumptions  behind  these 
are  that: 

•  The  Internet  is  insecure. 

•  Users  do  not  wish  to  transmit  their  payment  information. 

•  Sellers  require  a  trusted  third  party  to  limit  risk. 

•  Digital  signature  is  an  unproved  technology. 

These  new  payment  technologies  have  not  yet  gained  good  acceptance  in  the 
marketplace.  There  seem  to  be  two  reasons: 

•  The  offering  organizations  do  not  yet  have  credibility 

-  The  fact  that  these  organizations  do  not  represent,  nor  are  parties  to, 
the  bank  clearing  and  credit  card  authorization  systems  gives  rise  to 
questions  of  credibility.  In  fact,  they  generally  operate  as 
intermediaries  between  the  consumer/merchant  and  the  credit 
card/bank. 
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•    Security  mechanisms  are  not  yet  proven  technically 

-  While  they  propose  to  use  digital  signatures  and  public  key  encryption, 
the  question  still  remains  as  to  whether  they  are  implementing  the 
technology  correctly. 

As  noted  earlier  in  this  report,  the  Internet  community  and  its  success 
are  based  upon  open  and  replicable  standards.  Thus,  the  difficulty 
many  organizations  have  with  third  parties  is  that  the  third  parties 
have  not  published  their  protocols  for  public  review.  Therefore  their 
technology  is  not  yet  trusted. 

Where  purchases  involve  micropayments,  these  new  mechanisms  would 
appear  to  have  an  advantage.  In  this  scenario,  the  purchase  is  often 
intellectual  property,  where  the  price  is  in  cents  and  the  cost  of  the 
transaction  must  be  kept  to  a  minimum. 

With  over  100,000  information  databases  available  today,  the  Internet  brings 
the  cost  of  delivery  down  dramatically.  To  expand  their  markets,  on-line 
information  databases  want  a  technology  that  best  protects  their  intellectual 
rights,  while  at  the  same  time  encouraging  the  impulse  purchase  by  users. 

An  upcoming  INPUT  report  studies  these  payment  technologies  and  their 
prospect  for  future  acceptance  in  detail. 


Third-Party  Payment  Mechanisms 


New  Payment 
Mechanism 

Description 

DigiCash 

Consumers  exchange  cash  for  tokens  and  use  these,  via 
specialized  software,  to  make  purchases. 

CyberCash 

Using  specialized  software,  the  credit  card  number  is 
encrypted  and  cleared  by  CyberCash  through  the  credit  card 
clearance  system. 

First  Virtual 

Credit  card  information  is  held  in  a  database  by  FV  and 
purchases  are  applied  against  it. 

NetBill 

Consumers  use  a  'wallet'  that  is  stored  on  their  PC  to  settle 
purchases  that  are  cleared  by  a  specialized  NetBill  server. 

Source:  INPUT 


1.    Electronic  Cash  Systems 
a.  DigiCash 

DigiCash  operates  on  the  basis  of  a  bank  issuing  tokens  to  a  subscribing  user. 
These  tokens  represent  actual  cash  withdrawn  from  that  user's  bank  account. 
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These  tokens  can  then  be  used  for  purchases  from  participating  vendors  on 
the  Internet.  In  October  of  1995,  Mark  Twain  Bank  of  St.  Louis  became  the 
first  bank  to  offer  such  a  service. 

The  user  uses  these  tokens  via  a  software  client  that  works  within  the  user's 
browser  software.  Whenever  a  transaction  is  to  take  place,  there  is  an  icon 
on  the  screen  that  signifies  to  the  user  that  tokens  may  be  used  for  pa3rment. 
As  with  other  digital  cash  alternatives,  there  is  the  requirement  on  the  part 
of  the  user  to  incur  additional  costs  such  as  sign  on  fees  and  transaction  fees 
associated  with  authenticating  and  clearing  the  tokens  when  used,  and  to 
install  additional  software. 

b.  CyberCash 

CyberCash  works  on  the  principle  that  the  user  does  not  want  the  merchant 
to  see  the  credit  card  information  submitted  for  payment.  Therefore,  both  the 
user  and  the  merchant  use  specialized  software  to  generate  a  payment  order 
that  includes  the  purchase  details.  This  order  is  forwarded  to  Cyber  Cash's 
server  for  validation.  Once  validated,  the  order  is  forwarded  to  the  credit 
card  clearance  system.  Once  cleared,  the  confirming  data  is  transmitted  back 
to  the  merchant. 

c.  First  Virtual 

For  the  user  concerned  about  credit  card  information  transmitted  over  the 
Internet,  First  Virtual  has  developed  an  alternative  approach.  Through  a 
traditional  registration  process,  the  user  provides  FV  with  relevant  personal 
and  credit  card  information. 

As  purchases  are  made,  they  are  charged  against  the  registered  credit  card. 
This  charge  is  consummated  only  upon  receipt  of  an  E-mail  confirmation  to 
FV  that  the  downloaded  intellectual  property  is  to  be  kept  and  used. 

d.  NetBiU 

NetBill  operates  as  a  server  that  maintains  a  customer's  account  information 
and  a  merchant's  account  information.  Whenever  a  transaction  is  executed, 
the  funds  are  transferred  from  one  NetBill  account  to  another.  The 
customer's  account  is  replenished  from  either  his  own  bank  account  or  from  a 
credit  card.  In  turn,  the  merchant  gains  access  to  the  accumulated  funds 
when  they  are  deposited  in  its  bank  account. 

The  intellectual  property  is  delivered  to  the  consumer  in  an  encrypted  form 
that  is  verified  to  confirm  error-free  receipt  of  the  information.  Once 
confirmed,  an  electronic  payment  order  is  forwarded  to  the  NetBill  server  for 
execution.  Once  executed,  the  merchant's  server  will  send  the  key  that  the 
consumer  can  use  to  unlock  the  acquired  intellectual  property. 
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The  utility  of  this  approach  is  most  attractive  in  scenarios  where  the  cost  of 
an  item  is  so  low  that  the  credit  card  processing  cost  is  burdensome. 
However,  this  approach  does  impose  on  the  consumer  the  requirement  to 
install  additional  software,  and  to  incur  transaction  costs  beyond  that  which 
must  already  be  paid,  e.g.,  bank  transfer  costs,  service  fees  and  the  like.  The 
NetBill  paradigm  assumes  that  information  is  sold  by  the  page,  for  cents  per 
page.  Actual  experience  to  date  has  not  confirmed  that  this  is  not  the  case. 

2.  Summary 

Some  Web-based  vendors  feel  that  there  may  be  a  problem  with  these 
mechanisms  in  that  the  user  has  to  "buy"  the  e-cash  before  they  spend  it. 
Until  they  are  ubiquitous,  this  may  lead  to  the  situation  of  not  being  able  to 
capitalize  on  an  "impulse  buy"  if  a  user  were  to  run  out  of  e-cash.  In  a  future 
study,  INPUT  will  analyze  these  payment  technologies  and  their  prospect  for 
future  acceptance. 
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Enabling  Technologies 


This  chapter  reviews  the  technologies,  protocols  and  standards  that  will 
enable  the  continued  growth  of  electronic  commerce  over  the  Internet. 

A  

Summary  of  Enabling  Technologies 

The  multiplicity  of  standards  is  one  of  the  reasons  that  such  growth  is  held 
back  at  the  moment.  However,  resolution  of  the  protocol  options  to  a  broadly 
supported  standards  set  is  forthcoming  in  1996. 

INPUT  has  identified  four  enabling  technologies  that  are  discussed  in  this 
chapter: 

•  Transport  security  ^ 

•  Data  security 

•  Presentation  protocols 

•  Electronic  data  interchange  translation  software 

These  technologies  directly  affect  how  a  user  transacts  electronic  commerce 
over  the  Internet,  whether  EDI-based  or  over  the  WWW.  One  of  the  reasons 
that  security  is  required  in  an  electronic  commerce  environment  is  that  we 
need  a  reliable  and  secure  framework  for  the  payment  of  goods  and  services 
over  the  Internet. 

Two  layers  of  security  are  needed,  and  INPUT  differentiates  between  them  in 
the  following  manner: 
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•  Transport  Security  assures  that  the  communications  session  between  the 
chent  software  and  the  server  software  is  secure.  For  example,  the 
Secure  Sockets  Layer  (SSL),  after  an  encryption  key  exchange  and 
authentication  process,  ensures  a  secure  communications  session. 
Transport  security  provides  "channel  security,"  which  allows  client/server 
applications  to  communicate  in  away  that  cannot  be  eavesdropped  upon. 
This  security,  however,  only  exists  between  the  applications,  and  does  not 
address  the  security  of  the  data  after  it  has  been  communicated. 

•  Data  Security  protocols  provide  additional  security  of  specific  data  within 
the  message  being  transmitted.  Because  transport  security  protocols  are 
application  independent,  protocols  that  address  data  security  can  be 
layered  on  top  of  them.  In  credit  card  payment  situations,  for  example, 
the  transmission  of  the  credit  card  number  to  the  vendor's  applications 
server  would  be  secured  by  transport  security,  but  the  next  step  of 
passing  the  number  to  a  credit  card  authorization  center  would  not  be 
protected.  Because  the  transport  security  protocol  does  not  address  the 
security  of  the  data  after  the  communications  session  (that  is,  once  the 
vendor  has  the  credit  card  information),  then  end-to-end  security  is 
needed,  and  can  be  provided  by  data  security.  The  choice  of  the  data  to  be 
secured,  and  to  what  extent  that  data  is  secured,  is  a  decision  made  by 
the  applications  developer. 

The  common  thread  through  most  of  the  protocols  is  the  reliance  on  a  digital 
signature,  which  is  created  using  a  public/private  key  pair  generated  using 
RSA  data  security  technology.  This  technology,  however,  requires  that  there 
be  a  trusted  third  party,  known  as  a  Certification  Authority  (CA),  to  certify 
the  key  pair  as  being  owned  by  a  particular  person  (distinguished  names). 
Without  the  establishment  of  a  network  of  CAs,  it  is  difficult  to  authenticate 
someone's  digital  signature.  INPUT  views  this  as  a  significant  issue 
confronting  electronic  commerce  over  the  Internet,  and  encourages 
organizations  that  have  a  credible  position  in  the  marketplace,  such  as  the 
VANs,  to  review  this  opportunity  to  facilitate  resolution  of  this  issue.  The 
U.S.  Postal  Service  is  proposing  to  become  a  CA,  and  is  in  a  strong  position 
to  do  a  good  job,  based  on  its  perceived  longevity  and  the  mail  fraud  laws  in 
place. 


©  1996  by  INPUT.  Reproduction  Prohibited. 


EESM 


ELECTRONIC  COMMERCE  OVER  THE  INTERNET 


INPUT 


B  

Transport  Security 

Exhibit  VI- 1  shows  the  two  protocols  currently  proposed  for  transport 
security:  Secure  Sockets  Layer  (SSL)  from  Netscape  and  Private 
Communications  Technology  (PCT)  from  Microsoft.  These  protocols  are 
designed  with  the  objective  of  providing  secure  channel  authentication  and 
privacy  between  two  transacting  parties.  In  this  application,  the  server  is 
always  authenticated  and  the  client  is  authenticated  at  the  server's  option. 


Exhibit  VI-1 

Transport  Security  Protocols 


Protocol 

Lead  Sponsor 

Status 

SSL 

Netscape 

In  Use 

PCT 

Microsoft 

Under  Development 

Source:  INPUT 


They  operate  in  the  following  manner: 

•  There  is  a  handshake  sequence  between  the  client  and  the  server  that 
negotiates  an  encryption  algorithm  and  a  session  key,  as  well  as 
authenticating  the  server  to  the  client. 

•  Once  complete,  all  transmitted  data  is  encrypted  using  the  negotiated 
session  key.  To  ensure  integrity  of  the  data,  the  protocol  creates  a 
message  authentication  code,  or  digital  signature. 

•  The  documentation  for  SSL  and  PCT  does  not  make  any  reference  to  how 
the  server  would  authenticate  the  client.  As  SSL  currently  operates,  and 
as  PCT  is  proposed,  the  server  can  optionally  authenticate  the  client. 

SSL  was  presented  by  Netscape  in  1994  and  was  updated  in  1995  to  provide 
alternative  key  exchange  algorithms,  hardware  tokens,  and  additional 
authentication  protocols.  During  1995,  PCT  was  proposed  by  Microsoft. 
Microsoft  feels  that  PCT  resolves  security  weaknesses  within  the  SSL 
proposed  standard. 

The  objectives  of  these  two  protocols  are  the  same:  to  provide  and  maintain  a 
secure  communications  link  between  a  browser  and  a  WWW  server.  INPUT 
believes  that  these  standards  should  be  brought  together.  Support  for 
differing,  but  similar,  protocols  unnecessarily  increases  the  overall  costs  of 
doing  business.  INPUT  anticipates  that  standards  convergence  will  happen 
in  1996. 
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c  

Data  Security 

Exhibit  VI-2  lists  many  of  the  data  security  protocols  designed  to  protect  the 
contents  of  an  SMTP/MIME  message  on  an  end-to-end  basis.  These  protocols 
use  different  approaches  to  prevent  access  to  the  data  contents  of  a  message. 


Exhibit  VI-2 

Data  Security  Protocols 


Protocol 

Lead  Sponsor 

Status 

STT 

Microsoft-Visa 

Draft  IETF  Specification 

SEPP 

Netscape-MasterCard 

Draft  IETF  Specification 

PEM 

IETF 

In  Use 

PGP 

Public  Domain 

In  Use 

IVIOSS 

TIS 

Under  Developnrient 

Secure  MIME 

RSA  Inc. 

Under  Development 

Secure  HTTP 

Terisa 

Under  Development 

Source:  INPUT 

Unfortunately,  the  credit  card  companies  are  backing  competing  proposals. 
Visa  is  behind  STT,  and  MasterCard  is  behind  SEPP. 


•    Secure  Transaction  Technology  (STT)  is  being  developed  by  Visa  and 
Microsoft.  The  protocol  has  been  proposed  to  secure  the  payment 
transaction  when  the  payment  is  made  using  credit  cards.  The  credit  card 
number  is  encrypted  using  RSA  public  key  cryptography,  while  other 
financial  information  is  encrypted  using  DES  private  key  encryption.  The 
authentication  of  the  encrypted  data  is  to  be  managed  by  a  trust 
hierarchy,  similar  to  a  Certification  Authority  (CA)  but  established  by 
Visa,  input's  view  is  that  this  proposal  presents  problems  to  the 
development  community  because  it  does  not  base  itself  on  Internet  and 
ISO  standards,  such  as  ASN.  This  makes  it  a  proprietary  proposal. 
However,  many  of  Microsoft's  development  efforts  become  de  facto 
standards,  hence  must  not  be  discounted.  However,  it  appears  that  Visa 
support  for  SST  is  weakening. 
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•  Secure  Electronic  Pa5mient  Protocol  (SEPP)  is  proposed  by  Netscape, 
MasterCard,  CyberCash  and  GTE.  This  standards-based  proposal  also 
addresses  the  user  community's  concerns  about  secure  transmission  of 
payment-related  information,  specifically  credit  card  numbers.  In  a 
similar  fashion  to  STT,  the  credit  card  number  is  encrypted  via  public  key 
cryptography.  However,  the  authentication  framework  is  in  line  with 
proposals  for  Certification  Authorities  for  public  key  management. 
Verisign  and  Trusted  Information  Systems  are  examples  of  such 
organizations.  The  USPS  is  evaluating  how  best  to  address  this 
opportunity.  It  is  MasterCard's  stated  intention  to  have  a  secure  system 
in  place  by  April  1996. 

Other  alternatives  for  data  security  include  Pretty  Good  Privacy  (PGP), 
Privacy  Enhanced  Mail  (PEM),  MIME  Object  Security  Services  (MOSS),  or 
Secure  MIME  (S-MIME).  The  first  two  are  useful  when  the  business  data  is 
contained  in  the  body  of  the  message,  whereas  the  latter  two  address 
situations  in  which  the  business  data  is  included  in  the  E-mail  message  as  a 
MIME  object. 

•  PGP  is  a  public  domain  encryption  mechanism  that  uses  both  the  Digital 
Encryption  Standard  (DES)  and  a  public  key  cryptographic  process.  It 
has  not  followed  the  Internet's  standards  track,  so  is  unsuitable  for  use  in 
electronic  commerce  applications.  It  is  often  used  for  the  digital  signature 
and  encrypting  of  electronic  mail. 

•  PEM  is  an  older  standard  produced  by  the  Internet  Engineering  Task 
Force  (IETF).  It  is  generally  used  for  the  digital  signature  and  encrypting 
of  electronic  mail.  Due  to  some  inherent  technical  inflexibility,  it  is 
unsuitable  for  the  exchange  of  electronic  commerce  messages.  Some 
implementers  of  security  have  combined  PGP  and  PEM  to  create  a 
PGP/PEM  mechanism. 

•  MOSS  is  a  more  flexible  extension  of  PEM  for  the  digital  signature  and 
encrypting  of  electronic  mail,  and  was  introduced  during  1995.  By 
providing  Internet-standard  key  management  interfaces,  MOSS  has  the 
possibility  of  supporting  electronic  commerce.  The  protocol  is  based  on 
non-RSA  algorithms,  and  has  yet  to  be  widely  used  in  the  marketplace. 

•  S/MIME  was  also  introduced  during  1995.  RSA  introduced  this 
alternative  to  MOSS  as  the  limitations  of  PEM  became  apparent.  It  is 
built  around  RSA's  security  mechanisms.  To  date,  there  have  been  few 
market  implementations  of  this  technology. 

On  the  WWW,  the  protocol  used  between  WWW  clients  and  servers  is  the 
HyperText  Transfer  Protocol  (HTTP).  Its  ease  of  use  has  prompted  a  lot  of 
interest  in  implementing  a  wide  variety  of  applications.  Many  such 
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applications  require  the  client  and  the  server  to  authenticate  each  other  and 
to  transfer  data  confidentially. 

Secure  HTTP  (SHTTP),  now  supported  by  Terisa,  provides  secure 
communications  mechanisms  between  an  HTTP  client/server  pair.  It 
encrypts  the  message  files  that  flow  to  and  from  the  HTTP  server  and  client. 
SHTTP  supports  both  public  key/as3rmmetric  encrjrption  and  private 
key/symmetric  encryption.  It  also  supports  the  digital  signature  and  key 
management  approaches  used  by  RSA  data  security  products. 

It  is  intended  that  the  SHTTP  protocol  will  support  SSL  in  its  next  release, 
which  would  enhance  its  interoperability  across  the  Internet,  Given  the 
similarity  between  SST  and  SEPP,  it  is  INPUT'S  view  that  these  protocols 
should  be  brought  together. 


Presentation  Protocols 

Presentation  protocols  relate  to  the  way  in  which  WWW  information  is  stored 
in  the  server  and  accessed  by  the  browser.  Exhibit  VI-3  lists  the 
Presentation  protocols  and  their  current  status  of  implementation. 


Exhibit  VI-3 

Presentation  Frameworks 


Framework 

Co-ordinator/Deveioper 

Status 

HTML 

IETF 

1 .0  -  Released 
2.0  -  Soon 

3.0  -  Should  be  a  standard  in  1996 

VRML 

Silicon  Graphics 

First  release  shipping,  new  versions 
under  development 

JAVA 

Sun  Microsystems 

First  developer  kits  are  starting  to  be 
available,  significant  investment  in 
applications  development  is  being 
undertaken. 

Source:  INPUT 


HTML  was  defined  as  a  document  format,  derived  fi'om  SGML,  as  part  of  the 
initial  development  of  the  WWW.  SGML  originated  at  IBM  and  was  adopted 
as  a  CALS  standard  for  transferring  documents  between  systems  using  plain 
text  characters.  It  was  already  widely  adopted  in  some  segments,  such  as 
publishing,  government  and  manufacturing.  HTML  provides  a  document 
format  that  enables  documents  to  be  transferred  across  the  Internet  and 
displayed  according  to  rules  set  in  the  receiving  device.  Pointers  can  be 
placed  within  HTML  documents  that  link  the  user  to  other  documents  on  the 
Web. 
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During  1995,  Virtual  Reality  Modeling  Language  (VRML)  was  proposed  to 
provide  a  3-D  view  of  the  data  and  text,  and  the  JAVA  application 
development  environment  introduces  interactive  capability  to  the  WWW. 

•  HTML  is  undergoing  rapid  development,  from  the  first  version  1.0  as 
written  by  Tim  Berners-Lee,  to  the  recent  standard  version  2.0  to  a 
version  3.0  expected  in  1996.  The  reason  for  this  development  is  the 
increasing  demand  for  multimedia  capabilities.  Unfortunately,  the 
developers  may  be  moving  too  fast.  The  IETF  committee  responsible  for 
HTML  3.0  recently  issued  an  RFC  asking  whether  the  standards  track 
should  be  maintained  for  3.0,  or  if  the  HTML  standard  should  be  allowed 
to  splinter  for  the  time  being  to  see  which  features  truly  are  in  demand. 
The  conflict  arises  from  a  shopping  list  of  features  that  developers  wish  to 
add  to  HTML.  The  standards  process  is  such  that  not  all  user/developer 
requests  make  it  into  a  standard.  This  does  not  sit  well  with  the  server 
developers  who  see  some  competitive  advantage  in  offering  further 
functionality. 

•  VRML  is  still  its  early  stages.  Released  in  April  1995  by  Silicon  Graphics 
Inc.  (SGI),  version  1.0  is  being  tested  and  evaluated  on  a  number  of 
WWW  sites,  and  some  WWW  browsers  now  support  it.  By  providing  a  3- 
D  perspective  to  WWW  pages,  VRML  will  heighten  the  WWW  experience 
and  also  provide  a  more  realistic  multimedia  environment  than  is 
currently  available  on  the  WWW. 

•  JAVA  was  announced  during  1995  by  Sun  Microsystems  and  was  quickly 
adopted  by  a  number  of  WWW  server  and  browser  development 
companies.  JAVA  is  a  development  environment  that  allows  the  WWW 
server  to  download,  to  a  compatible  browser,  a  mini-program  called  an 
"applet."  In  this  way,  the  server  application  can  invoke  the  compute 
power  of  the  client  and  bring  the  application  to  life  in  a  way  that  would 
not  otherwise  be  possible,  given  the  limited  bandwidth  between  the  client 
and  server.  Thus,  it  becomes  easier  to  deliver  time-sensitive  data  from 
the  server.  A  full  JAVA  standard  and  suite  of  tools  will  be  available  in 
1996.  Symantec  is  one  of  the  first  software  vendors  to  announce  a 
developers'  kit  called  Espresso,  which  is  a  modification  to  its  C++ 
development  environment. 

It  is  input's  view  that  these  three  enablers  will  play  significant  roles  in 
encouraging  the  development  of  a  flexible  and  powerful  environment  for 
electronic  commerce.  By  being  able  to  accurately  visualize  a  product  (VRML), 
or  interact  with  a  process  (JAVA),  a  user  will  be  better  equipped  to  make  a 
choice  and,  therefore,  a  purchase.   Other  enablers  are  coming  from 
Macromedia  that  support  the  Shockwave  environment  for  animating  Web 
sites  and  from  DigiCash  that  provide  an  electronic  wallet  in  which  to  contain 
digital  cash.  Many  more  enablers  are  being  developed  and  deployed  and 
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leaders  will  emerge.  There  is  expected  to  be  a  rash  of  EDI  enablers  from 
VANs,  accounting  software  vendors,  leading  systems  software  vendors  and 
transaction  processing  vendors  over  the  next  few  years. 


Electronic  Data  Interchange  Software 

To  further  enhance  the  Internet  for  electronic  commerce,  EDI  translation 
software  developers  are  looking  at  providing  an  additional  capability  to  their 
EDI  translators  to  interoperate  with  the  Internet. 

This  capability  has  the  characteristics  listed  in  Exhibit  VI-4.These 
characteristics  would  be  implemented  in  an  add-on  module  that  would  be 
installed  in  a  fashion  similar  to  the  network  communications  modules 
currently  offered  by  EDI  software  companies. 


Exhibit  VI-4 

Characteristics  of  an  Internet-capable  Module 


•  RFC  822  SMTP  mail  envelope 

•  RFC  1 767  MIME/EDI 

•  ANSI-X12.58 

•  Private  key  (DES)  support 

•  Public  key  (RSA)  support 


Source:  INPUT 

To  date,  Premenos'  Templar  is  the  only  product  available  that  gives  EDI 
translators  the  ability  to  become  interoperable  with  the  Internet. 

Because  EDI  data  is  more  highly  structured  than  Internet  E-mail  data  or 
WWW  HTML  forms  data,  its  transport  and  security  needs  differ.  The  five 
characteristics  listed  in  Exhibit  VI -4  provide  the  capability  to  exchange  EDI 
documents  over  the  Internet  securely  and  reliably. 

•    RFC  822  is  an  Internet  standard  that  describes  the  format  of  an  electronic 
mail  message.  SMTP  is  the  protocol  by  which  an  electronic  mail  message 
is  delivered.  Unlike  the  EDI  VAN  environment  in  which  the  receiver  ID 
of  the  ISA  segment  is  used  as  the  addressee,  the  "To:"  in  the  message 
header  is  used  by  SMTP. 
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•  EDI  messages  are  structured  messages.  Since  an  E-mail  message  is,  in 
itself,  not  structured,  an  EDI  message  is  included  in  an  E-mail  message 
as  a  MIME  object  in  adherence  to  RFC-1767.  RFC  1767  describes  how  to 
use  the  MIME  encapsulation  protocol  to  include  EDI  data.  Each  MIME 
object  has  a  "content  type."  For  EDI  transaction  sets,  the  MIME  content 
type  for  standards-based  messages  is  either  "Application/EDI-X12"  or 
"Application/EDIFACT,"  as  appropriate.  For  non-standards-based 
messages,  it  is  "Application/EDI-Consent." 

•  Securing  an  ANSI  XI 2  transaction  set  for  transmission  over  the  Internet 
requires  support  for  Version  2  of  the  ANSI  ASC-X12.58  EDI  security  and 
encryption  standard.  To  send  the  resulting  secured  message  content 
through  the  Internet's  SMTP  mail  system,  the  secured  message  content 
must  be  modified  to  be  compatible  with  either  the  Base64  or  Quoted 
Printable  encoding  techniques  comprehended  by  the  MIME  encapsulation 
standard.  The  reason  is  that  SMTP  expects  the  transmitted  file  to 
contain  plain  ASCII  text.  Because  the  encryption  techniques  embodied  in 
X12.58  introduce  special  or  unprintable  characters,  the  algorithms  used 
for  securing  the  EDI  data  can  be  enabled  to  convert  the  special  characters 
into  a  format  compatible  with  either  Base64  or  Quoted  Printable. 

•  As  part  of  implementing  support  for  X12.58,  the  Internet-aware  module 
will  also  support  DES  session  key  generation,  encryption  and  decryption, 
as  well  as  public  key  (RSA)  authentication,  encryption  and  decryption, 
and  digital  signature  capabilities. 
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Trends  and  Issues 


This  chapter  discusses  the  trends  and  issues  affecting  the  growth  of  electronic 
commerce  over  the  Internet. 

A  

Trends 

1.  Growth  of  Virtual  Private  Internets 

As  industry  becomes  more  adept  at  Internet-based  commerce,  there  will  be 
an  opportunity  to  develop  industry-specific  subsets,  or  overlays,  on  the 
Internet.  A  product  such  as  Trade  Wave  Corp.'s  "TradeSecret"  is  positioned  to 
enable  these  applications.  Based  on  Northern  Telecom's  (Nortel)  Entrust 
security  system,  it  encrypts  data  and  establishes  mechanisms  and  procedures 
to  permit  access  only  to  authorized  users. 

For  example,  a  company  can  install  the  TradeWave  server  and  distribute  the 
browser  to  its  clientele  as  the  front  end  to  the  company's  applications. 
Through  the  implementation  of  access  levels  and  authorities,  different  users 
would  be  able  to  accomplish  different  activities.  Subscription-based  services 
would  find  this  capability  very  powerful. 

•    It  is  important,  however,  that  the  browser  retain  compatibility  with  the 
Internet  at  large.  This  is  because  users  will  be  less  inclined  to  use  it  if  it 
results  in  restricting  their  choices.  Any  vendor  following  this  strategy 
would  want  to  be  sure  to  integrate  the  front-end  process  with  existing 
browsers. 
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•  The  flexibility  and  availability  of  hardware  and  software  on  the  market 
today  will  permit  an  organization  to  distribute  specialized  front  ends.  For 
example,  the  parts  and  service  department  of  a  service  center  could  access 
the  database  and  catalog  of  a  manufacturer's  products,  or  the  service 
call/resolution  records  of  the  manufacturer's  technical  support  groups. 
The  advantage  of  using  this  technology  over  using  CD  ROM-based 
approaches  is  that  the  data  is  always  going  to  be  the  most  up  to  date 
possible.  This  is  further  discussed  in  Electronic  Catalogs,  Web  Storefronts 
and  Internet  Malls. 

2.  Operating  System  Deja-vu 

In  the  early  days  of  computing,  the  architecture  was  of  an  intelligent  central 
system  surrounded  by  dimib  terminals.  In  the  growth  of  the  personal 
computer  industry  over  the  past  15  years,  distributed  operation  of  systems 
has  been  driven  by  the  desire  to  make  access  to  information  easier. 

In  the  last  18  months,  as  a  result  of  the  WWW's  capability  to  cross-link 
widely  separated  sites,  information  has  become  even  more  distributed,  yet 
still  easily  correlated  and  coordinated.  The  Internet  is  becoming  the 
operating  system  for  the  information  society,  with  the  servers  and  clients 
effectively  becoming  peripherals. 

With  this  perspective,  we  see  a  return  to  the  centralization  that  characterized 
the  first  computer  systems.  This  is  the  concept  behind  IBM's  Network- 
Centric  Computing  initiatives,  and  the  "hollow  Internet  computers"  espoused 
by  Oracle  and  others. 

However,  there  is  a  fundamental  difference  between  the  network 
management  philosophy  today  and  that  of  earlier  years.  Management  is  now 
distributed  to  the  Internet  server  level,  as  opposed  to  being  centralized.  This 
enables  applications  to  be  somewhat  independent  of  each  other,  which 
significantly  speeds  the  rate  of  development.  As  a  result,  we  can  expect  the 
high  rate  of  innovation  to  continue,  and  no  one  should  be  complacent  about 
the  ability  of  competitors  to  proceed  very  quickly  with  electronic  commerce 
implementations. 

3.  Consolidation  of  Internet  Service  Providers 

•  To  grow  and  prosper  in  1996,  ISPs  will  have  to  tailor  their  offerings  to 
support  large-scale  commercial  use  of  the  Internet.  Examples  would 
include  provision  of  audit  trails,  24-hour  customer  support  lines,  message 
tracking  and  bandwidth  upgrades.  Smaller  ISPs  that  do  not  attract 
business  customers,  or  cannot  afford  to  expand  their  services,  will  be 
absorbed  into  the  larger  players  with  a  national  presence,  such  as  BBN 
Planet,  PSI,  UUNet,  Netcom  and  others. 
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•  Accommodating  business  will  be  accomplished  by  the  use  of  products 
such  as  Computer  Associates'  Unicenter/ICE  (Internet  Commerce 
Enabled).  Unicenter/ICE  is  a  suite  of  systems  and  network  management 
applications.  By  configuring  the  software  for  the  Internet,  it  will  help 
ensure  end-to-end  transaction  management,  recovery,  and  routing  in  a 
secure  manner,  thus  supporting  the  service  enhancements  noted  above. 

4.  Internet  Usage  Access  Levels 

•  As  previously  noted,  usage  of  the  Internet  for  commercial  purposes  has 
developed  in  two  directions,  WWW-based  commerce  and  EDI-based 
commerce.  Both  have  differing  service  level  requirements,  as  their  needs 
for  speed,  confidentiality,  and  access  are  not  the  same. 

•  WWW  users  need  security  and  assured  connectivity  to  Web  sites.  They 
generally  do  not  need  the  extensive  support  systems,  relationship 
building  assistance,  message  traffic  backup  and  audit  trails  services  to 
which  EDI  users  assign  high  priorities, 

•  To  service  both  WWW  commerce  and  Internet  EDI  markets  and  users, 
ISPs  will  have  to  offer  different  service  packages,  as  well  as  time-of-day 
pricing,  volume  discounts,  support  packages,  and  various  access 
capabilities  tailored  to  a  user's  requirements.  By  establishing  alliances 
with  major  telecommunications  organizations,  they  can  back  up  these 
offerings  with  dependable  network  topologies  to  service  users  of  WWW 
commerce  or  Internet  EDI, 

5.  Changing  Cost  Structures 

•  With  the  differentiation  of  EDI-based  commerce  from  WWW-based 
commerce,  ISPs  will  need  to  price  their  services  to  address  the  respective 
sectors,  VANs,  such  as  AT&T  EasyLink,  have  already  followed  this  path 
in  giving  their  electronic  mail  and  electronic  data  interchange  different 
price  structures, 

•  As  ISPs  offer  more  services  to  business,  and  raise  their  prices  accordingly, 
they  will  start  to  infringe  upon  the  territory  of  the  VANs,  This  will  put 
pressure  on  the  prices  that  VANs  charge,  and  the  overall  effect  will  be  a 
lowering  in  the  perceived  differential  between  the  Internet  and  the  VAN 
costs, 

6.  Copyright 

•  The  inadvertent  inclusion  of  copyrighted  material  in  Web  sites  presents 
an  ongoing  issue  for  the  electronic  commerce  community,  for  it  can  incur 
significant  legal  penalties. 
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•  IBM  and  Novell  are  two  companies  that  are  working  on  this  problem, 
using  a  technology  called  "secure  containers."  The  technology  protects  the 
copyright  of  electronic  text,  video,  or  sound  files,  no  matter  how  many 
hands  they  pass  through.  It  provides  a  sound  electronic  commerce 
solution  to  a  significant  business  challenge. 

•  Secure  containers  are  cryptographic  envelopes  that  not  only  encrypt  the 
file,  but  add  a  layer  of  rules  about  how  the  file  may  be  used,  and  by  whom. 
With  the  inclusion  of  a  compatible  Web  server,  the  user  pays  for  the  use  of 
the  document  through  the  act  of  opening  the  file  and  providing  the 
requested  information.  This  is  then  authenticated  and  forwarded  to  a 
copyright  clearinghouse,  such  as  Copyright  Clearance  Center,  Inc.  in 
Danver,  Mass. 


Technical  Issues 

1.  Persistent  Client-side  States 

•  Knowledge  about  the  "state"  of  the  client-side  software,  or  browser,  is 
important  to  enhancing  the  range  and  power  of  Web-based  applications. 
Currently,  browsers  are  "stateless"  to  the  Web  server.  That  is  to  say,  a 
browser  cannot  store  information  that  a  server  may  need  during  a  session 
or  between  sessions.  This  technology  is  called  COOKIES.  The  IETF  has 
a  draft  specification  published  for  discussion  and  review.  It  should  be 
noted  that  General  Magic  and  AT&T  have  already  implemented  a 
language  (Telescript)  for  consumer  messaging  that  manages  persistence. 

•  For  example,  a  subscription-based  Web  site  requires  that  the  user  enter 
the  ID  and  password  every  time  the  user  accesses  that  site.  If  the 
browser  had  a  state,  then  this  information  could  be  stored  in  the  browser, 
and  the  server  would  simply  request  it  from  the  browser's  files.  This 
would  make  operations  over  the  Internet  between  client  and  server  much 
simpler  and  quicker. 

•  By  giving  the  client  side  a  state,  electronic  commerce  over  the  WWW  will 
operate  more  efficiently.  Trading  partner  information  and  various  IDs 
can  be  stored  for  ready  access.  Shopping  applications  can  also  be  made 
more  flexible  by  having  the  browser  store  information  on  what  has  been 
selected  during  the  session.  This  minimizes  the  server's  processing 
overhead  by  eliminating  the  need  for  it  to  keep  track  of  the  user's 
preferences  and  selections. 
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2.  Real-Time  Protocol  (RTP) 

•  The  connection  between  a  client  and  a  server  is  of  a  non-continuous 
nature.  The  connection  is  repeatedly  opened  and  closed.  This  consumes  a 
lot  of  the  user's  time,  especially  if  the  application  is  interactive  in  nature. 
If  the  information  is  static,  that  is,  informational  in  content,  this  issue  is 
less  burdensome. 

•  The  IETF  has  published  several  draft  specifications  concerning  RTP  and 
related  protocols.  Resource  Reservation  Protocol  (RSVP)  and  IP  router 
alerts.  With  increasing  use  of  the  WWW  for  electronic  commerce 
applications  such  as  ordering,  inquiries,  credit  card  authorizations,  it 
becomes  important  to  support  immediate  response  methodologies. 

•  For  example,  in  the  travel,  insurance  or  health  care  industries,  claims, 
inquiries  and  authorizations  are  required  on  a  very  timely  basis.  By 
maintaining  an  open  connection  between  client  and  server,  no  time  is  lost 
during  the  submission  and  response  cycle  as  the  browser  is  waiting  for  the 
host  to  respond.  The  travel,  insurance  and  health  care  industries  have 
recently  been  at  the  forefront  of  developments  in  interactive  EDI  and  in 
the  use  of  the  Internet. 

3.  WWW  Server  Push 

•  The  Internet's  cost  structure,  and  various  proposed  Internet  protocols, 
make  it  possible  to  provide  a  "server  push"  methodology  wherein  the 
server  sends  out  information  proactively,  rather  than  passively  waiting 
for  a  user  to  visit  the  site. 

•  Today,  a  user  can  participate  in  the  initial  implementations  of  server 
push  technology  by  registering  with  a  Web  site  and  giving  an  E-mail 
address.  The  registration  could  be  for  product  updates,  announcements  of 
mall  specials,  "joke  of  the  day,"  press  releases,  or  the  like. 

•  This  technology  can  also  be  used  to  permit  a  shopping  mall,  catalog 
vendor,  or  corporate  purchasing  department  to  send  targeted  advertising 
to  specific  users.  This  approach  enables  marketers  to  use  the  Internet  to 
be  proactive  in  helping  users  find  what  they  want.  This  technology  will 
play  a  major  role  in  supporting  the  expansion  of  electronic  commerce  over 
the  Internet. 
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Security  and  Key  Management 


The  foundation  of  electronic  commerce  over  the  Internet  will  be  solidified  by 
the  widespread  implementation  of  standardized  security  protocols.  Many  of 
the  proposed  protocols  utilize  the  RSA  data  security  cryptography  platform. 
In  order  to  use  this  platform  successfully,  the  sender  and  the  receiver  have  to 
have  access  each  other's  public  key.  At  this  time,  the  Certification  Authority 
(CA)  concept  is  not  yet  fiiUy  implemented.  Networks  of  CAs  are  required  for 
this  purpose. 

To  date,  trading  partners  have  worked  around  this  limitation  by  using  other 
means  of  exchanging  keys  and  certifying  each  other's  ownership  of  the  keys, 
such  as  face-to-face  conversations,  telephone  calls  or  mail.  This  approach  is 
unworkable  for  widespread,  secure  electronic  commerce. 

To  address  this  issue,  two  organizations  have  been  established  to  set  up  the 
required  CA  network  infrastructure.  They  are  VeriSign  (a  subsidiary  of  RSA 
Data  Security  Inc.)  and  Trusted  Information  Systems.  More  CAs  are 
required  and  various  organizations,  like  the  USPS,  are  evaluating  how  best 
to  play  a  role  in  satisfying  this  need. 

As  discussed  in  Chapter  IV,  VANs  who  are  pursuing  the  open  connectivity 
strategy  state  that  they  will  handle  the  management  of  public  and  private 
keys  at  their  Internet  gateways.  VANs  are  in  a  good  position  to  establish  and 
maintain  databases  of  their  subscribers'  public  keys  and  their  certificates, 
because  of  their  central  role  in  providing  network  services  to  a  large  number 
of  companies. 
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Recommendations 


This  chapter  contains  a  set  of  recommendations  for  the  EDI  VANs  and  EDI 
translation  software  vendors,  as  well  as  WWW  server  vendors,  and  those  who 
sell  on  the  WWW  using  the  server  products. 


Recommendations  for  EDI  VANs 


The  EDI  value-added  networks  are  capitalizing  on  emerging  business 
opportunities  by  offering  connectivity  for  their  customers  and  trading 
partners  to  the  Internet.  This  open  support  should  add  momentum  to  the 
implementation  of  EDI  and  electronic  commerce  within  small  and  medium- 
sized  enterprises. 

VANs  who  have  not  yet  made  decisions  about  Internet  strategies  are 
encouraged  to  establish  competitive  offerings.  The  provision  of  Internet 
connectivity  services  based  on  the  open  connectivity  model  described  in 
Chapter  IV  is  capable  of  providing  the  level  of  connectivity  and  serviceability 
the  market  appears  to  be  looking  for. 

Currently,  there  does  not  exist  a  widely  distributed  directory  of  companies 
and  organizations  that  have  implemented  EDI,  and  the  types  of  EDI 
transactions  implemented.  With  an  Internet  E-mail  connection,  a  directory 
like  this  could  be  positioned  to  respond  to  inquiries  from  companies  or 
individuals  looking  for  trading  partners  with  whom  they  could  establish,  or 
expand,  their  own  EDI  programs.  IETF  draft  protocols  have  been  published 
that  address  the  setting  up  of  directories  such  as  these. 

VANs,  because  of  their  market  position,  have  an  opportunity  to  play  a 
leadership  role  in  the  provision  of  this  kind  of  information  via  the  Internet. 
GEIS-MSN  has  taken  steps  in  this  direction  with  a  lookup  system  within 
Windows  95,  and  both  Harbinger  and  Sterling  have  announced,  but  have  not 
yet  detailed,  a  centralized  trading  partner  directory  service.  If  clients  of 
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other  VANs  start  using  these  services,  they  may  be  at  risk  of  moving  to  the 
VAN  that  provides  the  service. 

The  expertise  that  VANs  have  can  also  be  apphed  to  resolving  a  significant 
issue  within  electronic  commerce  over  the  Internet,  that  being  public  key 
management. 

The  establishment  of  directories  as  above  will  allow  VANs  to  maintain  the 
information  concerning  the  public  keys  of  the  trading  partners.  VANs  have 
the  presence  and  the  credibility  to  act  as  Certification  Authorities.  To 
provide  CA  services,  the  VANs  would  have  a  ready-made  database  of 
organizations  (their  clients)  that  they  could  certify.  INPUT  recommends  that 
VANs  investigate  these  paths. 


Recommendations  for  EDI  Translation  Software  Vendors 

EDI  translation  software  companies  have  a  number  of  opportunities  in  the 
growing  Internet  electronic  commerce  market.  In  EDI-based  commerce,  the 
EDI  software  companies  have  an  opportunity  to  expand  their  markets  by 
offering  an  add-on  module  that  makes  their  software  Internet  capable. 

EDI  software  vendors  can  compete  in  the  Internet/EDI  marketplace,  and 
expand  their  markets,  by  implementing  technologies  similar  to  Premenos' 
Templar.  As  discussed  in  Chapter  VI,  there  are  five  features  that  comprise  a 
solution  for  Internet-based  EDI. 

As  an  alternative  to  building  their  own  Internet  capability,  EDI  software 
vendors  should  evaluate  licensing  Templar  from  Premenos.  This  could  allow 
them  a  quick  entrance  into  a  growing  market. 

Companies  selling  goods  and  services  over  the  Internet  have  identified  back- 
office  automation  as  a  key  priority  for  1996.  Much  of  this  automation  will 
have  to  do  with  generating  electronic  orders  to  their  suppliers.  In  easing  this 
integration,  EDI  software  vendors  have  a  significant  role  to  play  and  a 
market  opportunity  to  capitalize  upon. 

To  this  end,  EDI  software  vendors  should  work  with  WWW  server  vendors  to 
develop  interfaces  that  facilitate  the  integration  that  WWW-based  vendors 
are  looking  for,  or  risk  being  bypassed. 
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Recommendations  for  WWW  Server  Vendors 

To  support  the  growth  in  commercial  use  of  the  Internet,  the  WWW  server 
vendors  have  an  opportunity  to  ensure  that  the  security  and  communications 
protocol  standards  are  interoperable.  Standards  that  are  not  interoperable 
are  costly  to  maintain,  hinder  innovation,  and  make  it  difficult  for  consistent 
operations  to  be  established.  As  a  result,  they  will  slow  development  of  the 
complete  market. 

WWW  server  developers  can  encourage  more  work  within  the  browser 
technology  to  implement  "persistent  state  clients."  Though  this  is  a  new 
protocol  proposal,  it  is  one  that  will  allow  for  a  more  rapid  expansion  of 
electronic  commerce  through  the  minimization  of  overhead  at  the  server 
level.  This,  in  turn,  would  allow  WWW-based  vendors  to  concentrate  on 
content  development  and  delivery. 

input's  survey  of  WWW-based  vendors,  in  INPUT'S  report  Electronic 
Catalogs,  Web  Storefronts  and  Internet  Malls,  found  that  the  costs  of 
developing  and  setting  up  a  WWW  site  are  significant.  Integrated  site 
development  tools  must  be  available.  The  current  set  of  tools,  such  as  HTML 
publishing,  CGI  script  managers  and  image  graphics  managers,  are, 
generally,  not  interoperable.  Looking  at  the  lessons  fi:*om  the  PC  industry, 
consumer  demand  only  took  off  once  software  applications  were  able  to 
communicate  with  one  another.  An  integrated  suite  of  WWW  site 
development  tools  will  have  a  similar  impact  and,  as  a  result,  fuel  significant 
expansion  in  electronic  commerce.  Internet  software  developers  will  find  a 
high  demand  for  a  product  suite  of  this  kind. 

To  ensure  cost-effective  operations,  a  set  of  back-office  integration  tools  is 
required  to  assist  a  Web-site  manager  to  connect  the  Web  site  to  supporting 
databases  and  applications  such  as  EDI,  order  entry  and  credit  card 
authorization.  Currently,  these  processes  are  often  handled  manually,  which 
imposes  unnecessary  costs  and  inefficiencies.  To  help  minimize  these  costs, 
WWW  server  vendors  should  work  closely  with  applications  software 
developers  and  EDI  software  vendors  to  simplify  the  APIs  required  to  support 
this  interconnectivity. 


EESM 


1996  by  INPUT.  Reproduction  Prohibited. 


93 


ELECTRONIC  COMMERCE  OVER  THE  INTERNET 


INPUT 


P  

Recommendations  for  Vendors  Who  Distribute  Using  the  WWW 

Vendors  need  ways  to  help  them  retain  the  customers  who  visit  and  make 
purchases.  They  are  aware  of  the  need  to  keep  their  storefront  interesting. 
Successful  vendors  are  those  who  know  their  market  and  develop  services  to 
differentiate  themselves. 

One  of  the  technologies  that  WWW  vendors  could  consider  is  "server  push." 
Although  server  push  is  not  yet  commercially  available,  a  vendor  can  start  in 
this  direction  by  offering  to  keep  the  customer  up  to  date  via  E-mail.  With 
the  user  registered,  the  vendor  has  a  means  of  enhancing  the  relationship 
with  that  customer. 

By  using  the  registration  process  to  gather  information  about  the  customer, 
the  vendor  gains: 

•  Knowledge  of  the  customer  base,  upon  which  market  and  business 
planning  can  be  performed 

•  A  mechanism  for  customer  retention 

•  A  source  of  participants  for  surveys  of  buying  tastes  and  interests 

Many  vendor  sites  are  passive  in  nature.  To  build  up  business,  they  need  to 
become  more  interesting  to  their  visitors.  Creative  use  of  buyers'  profileswill 
generate  the  requisite  traffic  for  sales.  The  on-line  creation  of  discount 
coupons,  special  offers  and  information  exchange  based  on  a  customer's 
profile  will  bring  a  sense  of  immediacy  and  relationship  to  a  medium  that  can 
otherwise  be  static  and  cold. 

Web  sites  looking  for  an  advantage  over  their  competitors  should  consider  the 
creative  use  of  JAVA  and  VRML.  These  two  technologies  can  deliver  a  level 
of  interactivity  and  realism  that  will  assist  vendors  in  establishing 
differentiated  sites.  Integrated  with  the  server  push,  vendors  could  use  these 
technologies  creatively  to  develop  a  stable  and  growing  customer  base. 

For  example,  a  combination  of  JAVA  and  server  push  could  be  used  by  an 
investment  or  brokerage  company  to  keep  investor  clients  up  to  date.  If  the 
client  decides  to  effect  an  investment  decision,  then  a  JAVA  applet  could  be 
initiated  that  reflects  the  investor's  decision. 

For  a  service  and  support  Web  site  offered  by  an  equipment  manager,  a 
service  request  could  be  resolved  by  the  display  of  a  3-D  explanation  of  the 
solution.  VRML  supports  this  3-D  rendering  of  objects,  so  that  the  viewer,  a 
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technician  in  this  example,  is  better  able  to  understand  the  actions  to  be 
taken, 

E  

Recommendations  for  Internet  Service  Providers 

ISPs  should  expect  to  feel  competition  from  the  major  network  service 
providers  (largely  telcos),  upon  whom  ISPs  depend  for  their  communications 
lines.  ISPs  have  the  advantage  that  they  work  more  closely  with  customers 
than  do  the  telcos,  but  it  is  likely  that  the  telcos  will  commoditize  the 
Internet  access  business  that  is  a  core  part  of  ISP  revenue  today.  INPUT 
recommends  that  ISPs  capitalize  on  the  knowledge  that  they  can  sell  to  the 
telcos,  either  by  cooperative  ventures  or  by  preparing  themselves  for 
acquisition  on  favorable  terms. 

As  ISPs  develop  special  services  for  business  Internet  access,  they  will  find 
themselves  competing  with  the  VANs  that  are  just  now  implementing 
Internet  strategies.  INPUT  recommends  that  ISPs  become  familiar  with  the 
VAN  business  situation  so  that  they  can  decide  whether  to  compete  head-on 
with  the  VANs,  or  search  for  niches  in  which  to  specialize. 

Some  VANs  have  announced  that  they  are  getting  into  the  Web  publishing 
business.  This  is  traditionally  an  important  source  of  revenue  for  ISPs,  so 
ISPs  should  become  very  aware  of  the  VAN  capability  so  as  not  to  lose  this 
business. 


Recommendations  for  Companies  Considering  a  WWW  Presence 

Companies  with  no  current  Internet  strategy  should  immediately  start  to 
develop  one.  The  hype  surrounding  the  Internet  has  raised  its  visibility,  and 
has  raised  expectations  to  unreasonable  levels.  Thus,  when  the  occasional 
security  failure  does  occur,  the  negative  impact  of  this  news  is  accentuated. 
As  with  any  new  technology,  learning  how  to  use  it  properly  is  an  important 
first  step.  In  the  majority  of  the  cases  of  security  failure,  the  root  problem 
has  been  an  inadequate  understanding  of  the  proper  implementation 
procedures  to  be  used.  This  is  now  being  addressed,  and  recognition  that  the 
Internet  can  be  a  secure  platform  for  commerce  will  soon  be  widespread. 

Products  such  as  Aurum  Software's  WebTrak  Internet  Marketing  Module  let 
companies  create  HTML  electronic  forms  on  a  Web  server.  When  these  forms 
Eire  filled  in  by  customers,  the  information  on  the  forms  is  read  into  a 
company's  internal  databases  for  action.  Combined  with  workflow 
technologies,  a  customer's  service  request  can  be  acted  on  quickly.  Early 
implementation  of  this  type  of  application  can  give  a  company  a  competitive 
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Recommendations  for  Vendors  Who  Distribute  Using  the  WWW 

Vendors  need  ways  to  help  them  retain  the  customers  who  visit  and  make 
purchases.  They  are  aware  of  the  need  to  keep  their  storefront  interesting. 
Successful  vendors  are  those  who  know  their  market  and  develop  services  to 
differentiate  themselves. 

One  of  the  technologies  that  WWW  vendors  could  consider  is  "server  push." 
Although  server  push  is  not  yet  commercially  available,  a  vendor  can  start  in 
this  direction  by  offering  to  keep  the  customer  up  to  date  via  E-mail.  With 
the  user  registered,  the  vendor  has  a  means  of  enhancing  the  relationship 
with  that  customer. 

By  using  the  registration  process  to  gather  information  about  the  customer, 
the  vendor  gains: 

•  Knowledge  of  the  customer  base,  upon  which  market  and  business 
planning  can  be  performed 

•  A  mechanism  for  customer  retention 

•  A  source  of  participants  for  surveys  of  buying  tastes  and  interests 

Many  vendor  sites  are  passive  in  nature.  To  build  up  business,  they  need  to 
become  more  interesting  to  their  visitors.  Creative  use  of  buyers'  profileswill 
generate  the  requisite  traffic  for  sales.  The  on-line  creation  of  discount 
coupons,  special  offers  and  information  exchange  based  on  a  customer's 
profile  will  bring  a  sense  of  immediacy  and  relationship  to  a  medium  that  can 
otherwise  be  static  and  cold. 

Web  sites  looking  for  an  advantage  over  their  competitors  should  consider  the 
creative  use  of  JAVA  and  VRML,  These  two  technologies  can  deliver  a  level 
of  interactivity  and  realism  that  will  assist  vendors  in  establishing 
differentiated  sites.  Integrated  with  the  server  push,  vendors  could  use  these 
technologies  creatively  to  develop  a  stable  and  growing  customer  base. 

For  example,  a  combination  of  JAVA  and  server  push  could  be  used  by  an 
investment  or  brokerage  company  to  keep  investor  clients  up  to  date.  If  the 
client  decides  to  effect  an  investment  decision,  then  a  JAVA  applet  could  be 
initiated  that  reflects  the  investor's  decision. 

For  a  service  and  support  Web  site  offered  by  an  equipment  manager,  a 
service  request  could  be  resolved  by  the  display  of  a  3-D  explanation  of  the 
solution.  VRML  supports  this  3-D  rendering  of  objects,  so  that  the  viewer,  a 
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technician  in  this  example,  is  better  able  to  understand  the  actions  to  be 
taken. 

E  

Recommendations  for  Internet  Service  Providers 

ISPs  should  expect  to  feel  competition  from  the  major  network  service 
providers  (largely  telcos),  upon  whom  ISPs  depend  for  their  communications 
lines.  ISPs  have  the  advantage  that  they  work  more  closely  with  customers 
than  do  the  telcos,  but  it  is  likely  that  the  telcos  will  commoditize  the 
Internet  access  business  that  is  a  core  part  of  ISP  revenue  today.  INPUT 
recommends  that  ISPs  capitalize  on  the  knowledge  that  they  can  sell  to  the 
telcos,  either  by  cooperative  ventures  or  by  preparing  themselves  for 
acquisition  on  favorable  terms. 

As  ISPs  develop  special  services  for  business  Internet  access,  they  will  find 
themselves  competing  with  the  VANs  that  are  just  now  implementing 
Internet  strategies.  INPUT  recommends  that  ISPs  become  familiar  with  the 
VAN  business  situation  so  that  they  can  decide  whether  to  compete  head-on 
with  the  VANs,  or  search  for  niches  in  which  to  specialize. 

Some  VANs  have  announced  that  they  are  getting  into  the  Web  publishing 
business.  This  is  traditionally  an  important  source  of  revenue  for  ISPs,  so 
ISPs  should  become  very  aware  of  the  VAN  capability  so  as  not  to  lose  this 
business. 


F  

Recommendations  for  Companies  Considering  a  WWW  Presence 

Companies  with  no  current  Internet  strategy  should  immediately  start  to 
develop  one.  The  hype  surrounding  the  Internet  has  raised  its  visibility,  and 
has  raised  expectations  to  unreasonable  levels.  Thus,  when  the  occasional 
security  failure  does  occur,  the  negative  impact  of  this  news  is  accentuated. 
As  with  any  new  technology,  learning  how  to  use  it  properly  is  an  important 
first  step.  In  the  majority  of  the  cases  of  security  failure,  the  root  problem 
has  been  an  inadequate  understanding  of  the  proper  implementation 
procedures  to  be  used.  This  is  now  being  addressed,  and  recognition  that  the 
Internet  can  be  a  secure  platform  for  commerce  will  soon  be  widespread. 

Products  such  as  Aurum  Software's  WebTrak  Internet  Marketing  Module  let 
companies  create  HTML  electronic  forms  on  a  Web  server.  When  these  forms 
are  filled  in  by  customers,  the  information  on  the  forms  is  read  into  a 
company's  internal  databases  for  action.  Combined  with  workflow 
technologies,  a  customer's  service  request  can  be  acted  on  quickly.  Early 
implementation  of  this  type  of  application  can  give  a  company  a  competitive 


EESM 


©  1996  by  INPUT.  Reproduction  Prohibited. 


95 


ELECTRONIC  COMMERCE  OVER  THE  INTERNET 


INPUT 


advantage.  However,  companies  should  expect  that  such  an  advantage  would 
be  short  lived  as  competitors  implement  the  technology  also. 

Similarly,  companies  have  an  opportunity  to  upgrade  some  of  their  existing 
systems  to  interconnect  with  the  Internet  directly.  For  example,  FedEx's  use 
of  the  Internet  to  allow  customers  to  track  their  packages  has  had  the  benefit 
of  reducing  paperwork  and  reducing  the  workloads  of  the  toll-free  operators. 
By  making  its  site  interesting,  FedEx  is  also  achieving  its  goal  of  customer 
retention. 

Working  with  a  business-oriented  ISP,  a  company  can  achieve  payoffs  such 
as: 

•  Acquisition  of  detailed  customer  demographics  and  feedback 

•  Understanding  customer  usage  patterns 

•  Collection  of  comments  and  suggestions  from  customers  and  prospects 

With  this  detailed  and  current  information  in  hand,  a  corporation  can  develop 
well-targeted  marketing  and  sales  plans  and  anticipate  new  trends  in  user 
requirements. 

Through  connectivity  to  the  WWW,  the  corporation  will  also  gain  the  benefits 
of  savings  in  mailings,  handling  and  printing,  and  heightened  visibility  in  the 
marketplace. 
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